Closed seantcanavan closed 6 years ago
The salt length you can specify when creating Argon2 instances is only used to generate a salt of the given length if you don't supply one. If you supply the salt yourself, you can use every salt length.
That's good to know. I poured through the code for a bit and couldn't find any relevant comments about the hash length constructor argument vs parameter so figured I'd open a question. For now I've implemented my own hash length check inside the verify
and hash
calls.
I'll add JavaDoc to clarify that.
...
I thought that using a salt length different than what the Argon2D algorithm was defined as would throw an error? Was this assumption wrong? I need help writing more tests to make sure my code is working as expected.