technion / ruby-argon2

A Ruby gem offering bindings for Argon2 password hashing
MIT License
229 stars 30 forks

Incompatible with other versions of Argon2 #38

Closed kingsleyh closed 3 years ago

kingsleyh commented 3 years ago

Hi,

Is there any way to make this library compatible with these JavaScript versions of Argon2:

Both of these agree with each other regarding hashes generated:

https://argon2.online/ https://github.com/ranisalt/node-argon2

Both of the JavaScript ones produce the same hash for the given parameters. However, this library gives a different hash for the same input parameters.

For example:

```ruby
Argon2::Engine.hash_argon2i("password","superdupersalt",2, 16)
# d0d101ed0cf5030421f927e714d73e9ccf1f3e824d94b3d3fa49e9aa128b3afe
```

but in JavaScript using ()

```
password = "password"
salt = "superdupersalt"
memory = 16
iterations = 2
parallel = 1
16742c5cdfcf7d771b2bce3e95cd44071ee7718fd191b50a9fb183da3b1e5888
```

and using the node-argon2 library:

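```javascript
// Inputs, declared so the snippet parses under strict mode / ES modules
const password = "password"
const salt = "superdupersalt"
const memory = 16      // passed as memoryCost below
const iterations = 2   // passed as timeCost below

// raw: true returns the raw digest instead of the encoded hash string
const hash = await argon2.hash(password, {
        type: argon2.argon2i,
        hashLength: 32,
        timeCost: iterations,
        memoryCost: memory,
        parallelism: 1,
        raw: true,
        salt
    });
// 16742c5cdfcf7d771b2bce3e95cd44071ee7718fd191b50a9fb183da3b1e5888
```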

Please could you let me know if you know why this library produces different results to the JavaScript ones above. And if possible how I can get them to be compatible - whether that be modifying this Ruby project or modifying the JavaScript projects?

Your help greatly appreciated

Thanks

--Kingsley

kingsleyh commented 3 years ago

Hi

Never mind, I figured it out - it was that the memory cost parameter was not in the same format - got it working now, thanks :)
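
The memory-cost mismatch described in the last comment, as an added example that is not part of the original thread or of ruby-argon2 itself. It assumes ruby-argon2 reads `m_cost` as a base-2 exponent of KiB while node-argon2's `memoryCost` and the `m=` field of an encoded hash are plain KiB; the helper names and the sample encoded string are constructed for illustration.

```ruby
# Added example: translate Argon2 memory-cost settings between the two
# conventions in this thread. Assumption: ruby-argon2 reads m_cost as a
# base-2 exponent of KiB; node-argon2 and the PHC string use KiB directly.

MIN_KIB_PER_LANE = 8 # Argon2 requires at least 8 KiB of memory per lane

# KiB value (node-argon2 memoryCost, PHC "m=") -> ruby-argon2 exponent.
def kib_to_exponent(kib, parallelism: 1)
  raise ArgumentError, "memory must be a positive integer" unless kib.is_a?(Integer) && kib.positive?
  floor = MIN_KIB_PER_LANE * parallelism
  raise ArgumentError, "#{kib} KiB is below the #{floor} KiB minimum" if kib < floor
  # A value such as 24 KiB has no exponent form and cannot be matched.
  raise ArgumentError, "#{kib} KiB is not a power of two" unless (kib & (kib - 1)).zero?
  kib.bit_length - 1
end

# ruby-argon2 exponent -> KiB value for node-argon2 / PHC strings.
def exponent_to_kib(exponent)
  raise ArgumentError, "exponent must be a non-negative integer" unless exponent.is_a?(Integer) && exponent >= 0
  1 << exponent
end

# Cost parameters as they appear at the start of a PHC-encoded Argon2 hash.
PHC_RE = /\A\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)\$/

def phc_params(encoded)
  m = PHC_RE.match(encoded) or raise ArgumentError, "not an Argon2 PHC string"
  { type: m[1], version: m[2].to_i, memory_kib: m[3].to_i,
    time_cost: m[4].to_i, parallelism: m[5].to_i }
end

# Settings ruby-argon2 would need to reproduce a hash made elsewhere.
def ruby_settings_for(encoded)
  p = phc_params(encoded)
  { t_cost: p[:time_cost],
    m_cost: kib_to_exponent(p[:memory_kib], parallelism: p[:parallelism]) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed PHC string; the salt and digest fields are placeholders.
  sample = '$argon2i$v=19$m=16,t=2,p=1$c2FsdA$ZGlnZXN0'
  puts ruby_settings_for(sample).inspect # parameters taken from the JS side
  puts exponent_to_kib(16)               # KiB implied by an exponent of 16
end
```

Under that assumption, the value 16 in the Ruby call and the value 16 in the JavaScript calls describe different amounts of memory, which is enough to change the digest.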