search

mheyman / Isopoh.Cryptography.Argon2

Fully managed .Net Core implementation of Argon2
Other
196 stars 9 forks source link

Using Argon2.Hash() with string Secret fails Verify() #13

Closed outkst closed 6 years ago

outkst commented 6 years ago

When using the the basic Argon2.Hash(string Password) method, I can successfully hash and verify my passwords. But when I introduce the string secret parameter, my passwords no long are verified. Example:

// WORKS
var plaintextPassword = "MyPassword";
var hashedPassword= Argon2.Hash(plaintextPassword);
var check = Argon2.Verify(hashedPassword, plaintextPassword);
// check == True
// DOES NOT WORK
var plaintextPassword = "MyPassword";
var hashedPassword= Argon2.Hash(plaintextPassword, "mysecret");
var check = Argon2.Verify(hashedPassword, plaintextPassword);
// check == False
outkst commented 6 years ago

Apologies, I did not see the overloaded method Argon2.Verify(string encoded, string password, string secret).

Please remove this issue.