Password matches with invalid hashes

[seremenko-wish]

Test for reproduction

func TestBugReproduction(t *testing.T) {
    // "bug" valid hash: $argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tE
    ok, _, err := CheckHash("bug", "$argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tE")
    if err != nil {
        t.Fatal(err)
    }
    if !ok {
        t.Fatal("expected password to match")
    }

    // changed one last character of the hash
    ok, _, err = CheckHash("bug", "$argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tF")
    if err == nil {
        t.Fatal("Hash validation should fail")
    }

    if ok {
        t.Fatal("Hash validation should fail")
    }

       // same can be done with salt
}

The issue is in base64 decrypt function call here https://github.com/alexedwards/argon2id/blob/master/argon2id.go#L165 and here https://github.com/alexedwards/argon2id/blob/master/argon2id.go#L171. If you don't use strict mode for these calls, you end up successfully matching invalid hashes.

More info:

• https://github.com/golang/go/blob/master/src/encoding/base64/base64.go#L86
• https://tools.ietf.org/html/rfc4648#section-3.5 (Section 3.5)

Solution:

• base64.RawStdEncoding.DecodeString calls should be replaced with base64.RawStdEncoding.Strict().DecodeString

[alexedwards]

Thanks so much for the clear report and failing test. I've just pushed commit https://github.com/alexedwards/argon2id/commit/e2135f7c9c7702071aa8c0881f593a3f039e69da which fixes this.

[seremenko-wish]

Thanks for fixing it in the article too :) It is in the first position for many google searches related to using Argon2 with Golang, and obviously that this issue leaked to many projects

[TorchedSammy]

since this is fixed can this issue be closed?