search

gchq / CyberChef

The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
https://gchq.github.io/CyberChef
Apache License 2.0
29.3k stars 3.28k forks source link

Bug report: Argon2 salts do not match between input and hash output #1881

Open echec-et-math opened 2 months ago

echec-et-math commented 2 months ago

Describe the bug Entering a salt in hex or base64 for Argon2 results in a hash with a different salt.

To Reproduce

  1. Compute any Argon2 hash
  2. Setup any hexadecimal or base64 salt and specify the adequate encoding
  3. In the case of an hexadecimal salt, manually convert it to base64, since Argon2 outputs always display the salt in base64.
  4. Compare the salts : they do not match.

Link to reproduce

Expected behaviour The salt from the input and the output should be the same.

Desktop :

Additional context Tweaking the parameters, salt size, salt base64 '=' padding does nothing significant.

However, using specific salts, sometimes the first bytes of the salts do match, and then look nothing alike : Link to reproduce