DevToys
DevToys copied to clipboard
DevToys-app
Add Argon2 hashes
Vote on this issue by adding a 👍 reaction. If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Is your feature request related to a problem? Please describe. I miss possibility to use argon2 hashers.
Describe the solution you'd like I'd love to be able to hash a string using argon2i/argon2d/argon2id.
Describe alternatives you've considered Use the https://argon2.online/
Additional context It should be separate option, as this hash needs salt, parallelism factor, memory cost, iterations and hash length
I'd like to work on that. I already implemented a simple version for Argon2i Hashes
Just let me know what you think could be enhanced or if you are happy with the layout 👍
@david-ruitter Wow, I'm so glad you want to work on that!
I would have a few suggestions to your design, but foremost I want to say it's excellent, and I can't wait to see it in work. What I want to suggest is:
- Add the result field for encoded hash (i.e.
$argon2i$v=19$m=16,t=2,p=1$blNMdWl5RVZ2bGgyc2tucw$Km2yJvJPsf2sp8TRyliTVA). - Add the ability to choose between Argon2i, Argon2d and Argon2id.
- Add the ability to randomize 16-chars salt (including upper and lower case letters and digits).
I'm also wondering if every row of the configuration must take the whole width, a lot of space is wasted. However, the description can be quite long and shorter field can look far worst. It's simply to consider.
But as I said, I'm so happy you are going to implement it. Kudos from me!
@Andret2344 Thanks for the nice feedback! I'm going to start working on the points you stated here 👍 As for the design i took inspiration of how other tools look like, maybe @veler could also add his opinion on this. Best Regards
Hi, Thank you for suggesting this idea and thank you @david-ruitter for starting an early implementation! I should admit I'm not familiar with Argon2 at all. I'm discovering it while reading this ticket. :)
I'm not opposed to the addition of such a tool but would like to make sure I understand a few things:
- My understanding from Argon2 is that it's a hashing technique for password (mostly? please educate me on the subject since I'm not familiar with it 😅). In what scenario would you need to manually generate such a hash? (I think I have an answer but would love reading an example from you folks)
- In term of implementation, is there an existing .Net library for it or do we need to implement it ourselves?
- Any idea of how often Argon2 is used? Just asking because, again, I never heard of it before (it's been years I didn't deal with passwords) 😅
Regarding the UI, I like it overall. Of course, we will need to figure out a good icon for it but that's something we can figure out later.
I second what @Andret2344 mentioned. In short, having the exact same set of features than https://argon2.online/ may be the right thing to do, unless you have arguments against that (I don't know, perhaps these extra features aren't that useful?).
For generating a salt automatically, we may need to add a button next to Paste. The current Paste button, TextBox and Header are all part of a same control CustomTextBox. We will need to edit this control to add the button for generating the salt.
Since this extra button isn't common to other tools, I'd suggest making the button customizable through some new properties in the control that would allow to:
- Set the text of the button. Having a text defined could be a sufficient condition to make the control visible.
- The button could appear to the left of other ones above the TextBox.
- Let's add a ICommand property that would allow to execute a command when clicking the button.
This way, when consuming the control in the tool's UI, we would have to set the button text and a command to be able to run something when the user clicks on it. What do you think of this approach?
Alternatively, we could simply put a button outside of the CustomTextBox control, either above or to the right of it.
Thanks, @veler for taking part in discussion ;)
To answer your doubts:
- You're right, Argon2 hashes are used mostly (if not only) in password hashing.
- The scenario to manually generate it is something I faced multiple times, when developing symfony (PHP) backend webpage. I choose to use Argon2 as the most secure option, as in 2015 it won the Password Hashing Competition and is dedicated to password hashing since then. When I want to test logging to my service, I need to manually change passwords in database (assuming my service is growing, and no dedicated way exists), or creating new users to test. In general, authentication testing purpose.
- Due to
Oletter in SOLID acronym, what means "Open-close principle" defined as "Open for extensions, closed for modifications", I agree that extending the component to optionally added fourth button and add its behavior is better than separated component. However, I'm not familiar with C# at all (#javadevhere), so I may be wrong.
In addition, @david-ruitter, when you are ready with all the functionality, ping me, I can translate to Polish :D
BR
EDIT: HERE is the Medium article with explanation why Argon2 is the best choice (expecially Argon2id)
Gotcha, thank you for all these explanations. :) @david-ruitter, feel free to keep working on it at your rythme.
node -e "require('argon2').hash('12345').then(data => console.log(data));" the poor man's argon example hash :D
