jedisct1 / libsodium.js

libsodium compiled to WebAssembly and pure JavaScript, with convenient wrappers.

Invalid pwhash salt length - 16 vs 32 bytes #325

stanhebben closed this issue 1 year ago

stanhebben commented 1 year ago

It seems the pwhash functions here expect a salt length of 16 bytes. However, libsodium (at least version 1.0.18) uses a 32-byte salt.

Where does this difference come from, and is there a way to fix this discrepancy with the official libsodium version?

jedisct1 commented 1 year ago

It's always been 16 bytes:

```c
#include <stdio.h>
#include <sodium.h>

int main(void)
{
    printf("%zu\n", crypto_pwhash_saltbytes());
    return 0;
}
```

```
$ zig cc a.c -lsodium
$ ./a.out
16
```

stanhebben commented 1 year ago

Seems the rust-sodium wrapper I was using defaults to scryptsalsa208sha256 instead of argon. Explicitly using the scryptsalsa208sha256 functions solves the issue (and that uses a salt of 32 bytes).