phxql / argon2-jvm

Argon2 Binding for the JVM
GNU Lesser General Public License v3.0

How to set the salt? #19

Closed parlough closed 7 years ago

parlough commented 7 years ago

I planned to use Argon2, but I cannot find a way to include a salt. Are you just using a constant one or what? Would it be possible to allow us to include a salt in the hash function?

phxql commented 7 years ago

The salt is automatically generated, see https://github.com/phxql/argon2-jvm/blob/develop/src/main/java/de/mkammerer/argon2/BaseArgon2.java#L70.

Why do you want to set the salt?

parlough commented 7 years ago

If the salt is randomly generated, wouldn't verify not work, as the resulting hash would be different every time you put in the password? My understanding is you generate a salt randomly once for the user's password and store that with the resulting hash in a database?

phxql commented 7 years ago

The generated hash includes the salt. The verify method extracts the salt from the hash and uses that.

parlough commented 7 years ago

Oh that's a smart way of doing it actually, thank you, I didn't recognize that.

uded commented 6 years ago

To be honest, I like this approach as well. And yet I am missing a way to provide salt, secret and additional values. I think it would be beneficial to extend Argon2Advanced with salt-providing, String-returning methods.

phxql commented 6 years ago

What should the returned string contain?

uded commented 6 years ago

@phxql, I am really sorry - the effect of typing a comment in the middle of the night. By "salt providing" I meant that it would be IMHO beneficial to create a regular hash method that would accept salt. Preferably secret and additional as well, as it improves security by a factor if used properly...

I do not mind the current ref string returned by the method. Just the input params are a problem for me. Especially that I rewrote a native Java version of Argon2 and I would love to use your library for testing as a wrapper for the reference implementation.

phxql commented 6 years ago

Can you please create a new ticket for that? Then I will take a look into it, thanks :)

phxql commented 6 years ago

There is a method in de.mkammerer.argon2.Argon2Advanced#rawHash(int, int, int, char[], java.nio.charset.Charset, byte[]) which accepts a user-provided salt. Is that usable for you?

uded commented 6 years ago

de.mkammerer.argon2.Argon2Advanced#rawHash(int, int, int, char[], java.nio.charset.Charset, byte[]) is what I currently use. But what I can't easily do with your library is to go from there to the same result as de.mkammerer.argon2.Argon2#hash(int, int, int, char[]), which gives me a ref string representation. Obviously, I could calculate that on my level, but that defeats the purpose of trying to be in line with the reference implementation...

45 was created

BlueRaja commented 5 years ago

You need to set the salt to use Argon as a PBKDF...

phxql commented 5 years ago

The library serves two use cases:

  1. hash a given password to a hash
  2. verify that a hash belongs to the given password

Neither 1. nor 2. mandates that the user provides the salt. In case 1. the library generates the salt. In case 2. the library reads the salt from the hash and uses that.

phxql commented 5 years ago

If you want to use Argon2 as PBKDF, use the de.mkammerer.argon2.Argon2Advanced#rawHash(int, int, int, char[], java.nio.charset.Charset, byte[]) method. It allows you to set the salt. If you want to alter the derived key length (default is 256 bit), use the de.mkammerer.argon2.Argon2Factory#createAdvanced(de.mkammerer.argon2.Argon2Factory.Argon2Types, int, int) method to create an instance of Argon2Advanced.
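The following is an added example, not part of the original thread and not the project's own code. It shows the two points discussed above: the encoded string returned by hash carries its own salt, and rawHash fed with that extracted salt reproduces the hash bytes. The class name, cost parameters and sample password are constructed for the demo. The code assumes the encoded string ends in `$<salt>$<hash>` (unpadded Base64) and that hash encodes the password as UTF-8.

```java
import de.mkammerer.argon2.Argon2Advanced;
import de.mkammerer.argon2.Argon2Factory;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class SaltInHashDemo {
    // Demo cost parameters (assumption; tune for your own hardware).
    static final int ITERATIONS = 2, MEMORY_KIB = 65536, PARALLELISM = 1;

    /** Decodes one of the trailing Base64 fields of the encoded hash (1 = hash, 2 = salt). */
    static byte[] fieldFromEnd(String encoded, int fromEnd) {
        String[] parts = encoded.split("\\$");
        if (parts.length < 5) {
            throw new IllegalArgumentException("unexpected encoded hash layout");
        }
        // java.util.Base64's basic decoder accepts input without '=' padding.
        return Base64.getDecoder().decode(parts[parts.length - fromEnd]);
    }

    public static void main(String[] args) {
        Argon2Advanced argon2 = Argon2Factory.createAdvanced();
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        try {
            // Each call generates a fresh salt, so the encoded strings are compared here.
            String first = argon2.hash(ITERATIONS, MEMORY_KIB, PARALLELISM, password);
            String second = argon2.hash(ITERATIONS, MEMORY_KIB, PARALLELISM, password);
            System.out.println("encoded strings equal: " + first.equals(second));

            // verify() needs no salt argument: it reads the salt out of the encoded string.
            System.out.println("first verifies:  " + argon2.verify(first, password));
            System.out.println("second verifies: " + argon2.verify(second, password));

            // Feed the extracted salt to rawHash with the same cost parameters and
            // compare against the hash field in constant time.
            byte[] salt = fieldFromEnd(first, 2);
            byte[] stored = fieldFromEnd(first, 1);
            byte[] recomputed = argon2.rawHash(ITERATIONS, MEMORY_KIB, PARALLELISM,
                    password, StandardCharsets.UTF_8, salt);
            System.out.println("salt length (bytes): " + salt.length);
            System.out.println("rawHash matches stored hash: "
                    + MessageDigest.isEqual(recomputed, stored));
        } finally {
            argon2.wipeArray(password); // clear the password from memory
        }
    }
}
```

For password storage only the encoded string needs to be persisted. A separately stored salt is needed only for the rawHash key-derivation use case, where the caller supplies it.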