[−][src]Module sodiumoxide::crypto::pwhash::argon2i13

Argon2 summarizes the state of the art in the design of memory-hard functions.

It aims at the highest memory filling rate and effective use of multiple computing units, while still providing defense against tradeoff attacks.

It prevents ASICs from having a significant advantage over software implementations.

Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is invulnerable to side-channel timing attacks but weaker against Time-memory Tradeoff (TMTO) attacks. If you are unsure which Argon2 variant to use, use Argon2id, not this module.

Note: libsodium provides a limited version of the Argon2 function. The salt parameter is fixed at 128 bits and the parallelism parameter is fixed to 1.

Structs

HashedPassword	`HashedPassword`is a password verifier generated from a password
MemLimit	`MemLimit` represents the maximum amount of RAM that the functions in this module will use, in bytes.
OpsLimit	`OpsLimit` represents the maximum number of computations to perform when using the functions in this module.
Salt	`Salt` used for password hashing

Constants

HASHEDPASSWORDBYTES	Number of bytes in a `HashedPassword`.
MEMLIMIT_INTERACTIVE	Safe base line for `MemLimit` for interactive password hashing.
MEMLIMIT_MODERATE	`MemLimit` for moderately sensitive data.
MEMLIMIT_SENSITIVE	`MemLimit` for highly sensitive data.
OPSLIMIT_INTERACTIVE	Safe base line for `OpsLimit` for interactive password hashing.
OPSLIMIT_MODERATE	`OpsLimit` for moderately sensitive data.
OPSLIMIT_SENSITIVE	`OpsLimit` for highly sensitive data.
SALTBYTES	Number of bytes in a `Salt`.
STRPREFIX	All `HashedPasswords` start with this string.
VARIANT	Variant id for the Argon2i13 algorithm

Functions

derive_key	The `derive_key()` function derives a key from a password and a `Salt`
gen_salt	`gen_salt()` randomly generates a new `Salt` for key derivation
pwhash	The `pwhash()` returns a `HashedPassword` which includes:
pwhash_verify	`pwhash_verify()` verifies that the password `str_` is a valid password verification string (as generated by `pwhash()`) for `passwd`