search

jedisct1 / libsodium.js

libsodium compiled to Webassembly and pure JavaScript, with convenient wrappers.
Other
979 stars 141 forks source link

Salt size limit bug #332

Closed vault-thirteen closed 10 months ago

vault-thirteen commented 10 months ago

salt (S): Bytes (8..2^32-1) Salt (16 bytes recommended for password hashing)

https://en.wikipedia.org/wiki/Argon2

So, according to encyclopedia Wikipedia, Argon2 algorithm allows salt length to be up to 2^32 minus 1.

My browser shows that in this JS library sodium.crypto_pwhash_SALTBYTES is equal to 16. This violates the original Argon2 algorithm. The real salt size limit for Argon2 is 2^32 -1 bytes.

Salt size limit of 16 is either a bug or a special "feature" of this library, but in any case this is a violation of the original algorithm, and this fact is not stated in the description of this repository.

jedisct1 commented 10 months ago

According to the libsodium documentation, the expected size of the salt is crypto_pwhash_SALTBYTES bytes. This is a constant.

For more flexibility, there's a Javascript implementation of Argon2 that may better fit your needs: https://github.com/Rabbit-Company/Argon2id-JS