RustCrypto / password-hashes

Password hashing functions / KDFs

Strange behavior of Argon2 #504

Closed JKearnsl closed 3 months ago

JKearnsl commented 3 months ago

Hello!

I recently started using your crate Argon2 but noticed strange behavior.

When initializing the Argon2 structure, I can set the output length to 0xFFFFFFFF (4294967295 in decimal). The code explicitly specifies a constant and checks:

https://github.com/RustCrypto/password-hashes/blob/0715e565f391b74d4de0948585e1a2636d12ee9f/argon2/src/params.rs#L80-L83

https://github.com/RustCrypto/password-hashes/blob/0715e565f391b74d4de0948585e1a2636d12ee9f/argon2/src/params.rs#L137-L145

Because of this, the initialization of the structure occurs successfully and everything is logical!

But during hashing, the hash_password function calls the method init_with:

https://github.com/RustCrypto/password-hashes/blob/0715e565f391b74d4de0948585e1a2636d12ee9f/argon2/src/lib.rs#L585-L589

Its implementation is located in another crate. And there, other checks take place, for a different length: a maximum of 64 characters and a minimum of 10.

https://github.com/RustCrypto/traits/blob/b1f6b1d37ac332b881b41e44f293f6662c98f25f/password-hash/src/output.rs#L147-L173

It is very strange. And in general, it’s strange that the Argon2 structure, in addition to this, also has hashing methods for some reason that contain “password” in the name, and your implementation can hash not passwords? I want to hash sessions/strings/whatever this is a weird interface and behavior!

tarcieri commented 3 months ago

There are two interfaces to Argon2, as outlined in the documentation:

https://docs.rs/argon2/latest/argon2/#usage

> And in general, it’s strange that the Argon2 structure, in addition to this, also has hashing methods for some reason that contain “password” in the name, and your implementation can hash not passwords?

I assume your confusion here arises from the dual nature of the Argon2 API, but regardless, in either case the input is a password, and I don't have the faintest understanding of what may have led you to a conclusion like "your implementation can hash not passwords", as in all cases the inputs to Argon2 are intended to be passwords.

> I want to hash sessions/strings/whatever this is a weird interface and behavior!

Argon2 is a password hashing algorithm / password-based KDF. It is not intended for applications which don't use a password as at least one of the inputs.

If you are just trying to derive a key from a number of inputs, one of which is a secret high-entropy string but not a "password", consider HKDF instead.