Closed vault-thirteen closed 10 months ago
According to the libsodium documentation, the expected size of the salt is crypto_pwhash_SALTBYTES
bytes. This is a constant.
For more flexibility, there's a Javascript implementation of Argon2 that may better fit your needs: https://github.com/Rabbit-Company/Argon2id-JS
https://en.wikipedia.org/wiki/Argon2
So, according to encyclopedia Wikipedia, Argon2 algorithm allows salt length to be up to 2^32 minus 1.
My browser shows that in this JS library
sodium.crypto_pwhash_SALTBYTES
is equal to16
. This violates the original Argon2 algorithm. The real salt size limit for Argon2 is 2^32 -1 bytes.Salt size limit of 16 is either a bug or a special "feature" of this library, but in any case this is a violation of the original algorithm, and this fact is not stated in the description of this repository.