Shane32.Argon2 1.1.0

dotnet add package Shane32.Argon2 --version 1.1.0                
NuGet\Install-Package Shane32.Argon2 -Version 1.1.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Shane32.Argon2" Version="1.1.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Shane32.Argon2 --version 1.1.0                
#r "nuget: Shane32.Argon2, 1.1.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Shane32.Argon2 as a Cake Addin
#addin nuget:?package=Shane32.Argon2&version=1.1.0

// Install Shane32.Argon2 as a Cake Tool
#tool nuget:?package=Shane32.Argon2&version=1.1.0                

Shane32.Argon2

NuGet Coverage Status

Provides a set of functions for hashing passwords using the Argon2 algorithm into a composite string containing the hash parameters, salt and hash.

Usage

The algorithm typically creates a single string containing both the hash parameters, salt and the hash itself.

using Shane32.Argon2;

// Select a set of parameters to use that require at least 0.2 seconds of hashing time
var parameters = await Argon2Library.SelectParametersAsync(
    parallelism: 2,
    minTime: TimeSpan.FromSeconds(0.2),
    hashLengthBits: 256,
    saltLengthBits: 128);

// Create a hash with generated parameters
var hash = await Argon2Library.HashAsync("password", parameters);

// Create a hash with custom parameters
var hash2 = await Argon2Library.HashAsync(
    "foobar",
    new Argon2Parameters(
        parallelism: 4,
        iterations: 16,
        memorySizeKb: 4096,
        hashLengthBits: 64));

// Verify a hash
var ok = await Argon2Library.VerifyAsync("password", hash);

You can also generate a string containing the parameters and salt separately from the hash:

// Create a salt
var salt = Argon2Library.CreateArgonSalt(parameters);

// Create a hash
var hash = await Argon2Library.HashAsync("password", salt, 256);

// Verify a hash
var ok = await Argon2Library.VerifyAsync("password", hash, salt);

It is also possible to create the hash with a known secret by passing a byte array to the above functions. The hash does not contain the secret and will require the secret to verify the hash against a password.

Format

The hash string is composed of multiple parts, separated by $, as shown below:

$a2id${parallelism}${iterations}${memorySize}${salt}${hash}
Parameter Description
parallelism The number of lanes to use while processing the hash
iterations The base-2 logarithm of the number of iterations to apply to the password hash
memorySize The base-2 logarithm of amount of memory to use while processing the hash, in kilobytes
salt The salt used to generate the hash, base-64 encoded
hash The hash of the password, base-64 encoded

Example:

$a2id$4$4$12$08ivHvoRWVg=$Upe6Dg66bMM=

The above hash string was generated using the following parameters:

Parameter Value
parallelism 4 lanes
iterations 16 iterations
memorySizeKb 4,096 kilobytes
hashLengthBits 64 bits
password foobar

When the salt is stored separately from the hash, the salt string is the same as the hash described above, excluding the hash:

Salt Hash
$a2id$4$4$12$08ivHvoRWVg=$ Upe6Dg66bMM=

Notes

  • This uses the Konscious.Security.Cryptography.Argon2 underlying library to create the Argon2 hash. The library is a C# implementation of Argon2 and may be subject to side-channel attacks.

  • The Argon2id variant is used when creating hashes.

  • The salt generation function uses the default .NET cryptographic random number generator and currently generates a salt of the same length as the desired hash length.

  • The password fed to the Argon2id implementation is the UTF-16 little-endian encoding of the password string.

Current recommendations for Argon2 parameters vary widly based on the source and use case; some say:

Parameter Recommendation
parallelism Number of CPU cores on the server
iterations 2-4 depending on the server hardware
memorySizeKb 65,536 KB or as much as the server can comfortably handle
hashLengthBits 256 bits
Salt length 128 bits
Hashing time 0.5 seconds

The algorithm within SelectParametersAsync starts with the following parameters and then alternately doubles the iterations and memory size until the desired minimum hashing time is reached:

Parameter Value
iterations 1 iteration
memorySizeKb 4,096 kilobytes

On the hardware used for testing, the following parameters were generated with a minimum hashing time of 0.5 seconds and a parallelism value of 2:

Parameter Value
iterations 16 iterations
memorySizeKb 65,536 kilobytes

The SelectParametersAsync algorithm was designed with a certain use case in mind and may not fit your needs. It is also important to note that if the SelectParametersAsync algorithm is run concurrently with other tasks on the same machine, the generated parameters may be lower than typical.

Possible future features

  • Support for Argon2, Argon2i, and Argon2d formats (would use unique prefix for each format)
  • Support for verifying BCrypt passwords
  • Integration of the underlying library to avoid the dependency
  • Use of another underlying library that is not subject to side-channel attacks
  • Execution of hash verification functions on a thread with a lower priority, and execution of parameter selection functions on a thread with a higher priority
  • Wrapper to provide resistance to denial-of-service attacks

Credits

Glory to Jehovah, Lord of Lords and King of Kings, creator of Heaven and Earth, who through his Son Jesus Christ, has reedemed me to become a child of God. -Shane32

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.1.0 1,105 2/15/2023