Pass salt explicitly to argon2di

pyca / pynacl

Python binding to the Networking and Cryptography (NaCl) library

https://pynacl.readthedocs.io/

Apache License 2.0

1.05k stars 228 forks source link

Pass salt explicitly to argon2di #438

Closed boompig closed 6 years ago

boompig commented 6 years ago

Is there a way to explicitly pass salt to argon2id?

I don't know too much about how the implementation details of this library, so excuse me if this is wrong. I took a look at src/bindings/crypto_pwhash.h and found this function:

But it doesn't look like it takes a salt parameter.

int crypto_pwhash_str_alg(char out[128],
                          const char * const passwd,
                          unsigned long long passwdlen,
                          unsigned long long opslimit,
                          size_t memlimit,
                          int alg);

Does this mean it's impossible to pass a salt value?

lmctv commented 6 years ago

The .str() methods of all password hashing implementations generate a random salt, as a a means to force avoidance of vulnerabilities stemming from repeated salt usage. If instead of a modular crypt string representation you could use a binary derived key, you can pass a user defined salt to the .kdf() method, as documented in pynacl docs:

https://pynacl.readthedocs.io/en/stable/password_hashing/#key-derivation