rbnacl
rbnacl copied to clipboard
Published
20 hours ago •
RubyCrypto
RubyCrypto
OPSLIMIT_MIN is incorrect for Argon2i when Argon2id is available
Argon2.opslimit_value's documentation, and the ArgumentError it raises, state the value must be in the range of 3..10. This claimed lower limit is incorrect for Argon2id, where OPSLIMIT_MIN is 1.
It seems this leads to some buggy behavior when performing Argon2i operations while Argon2id is available through libsodium.
Reproducer
salt = RbNaCl::Random.random_bytes(RbNaCl::PasswordHash::Argon2::SALTBYTES)
puts 'ok' if RbNaCl::PasswordHash.argon2id('foo', salt, 3, 8192, 64)
begin
RbNaCl::PasswordHash.argon2id('foo', salt, 1, 8192, 64)
puts 'ok, but...'
rescue => e
pp e
end
begin
RbNaCl::PasswordHash.argon2id('foo', salt, 0, 8192, 64)
puts 'ok'
rescue => e
pp e
end
begin
RbNaCl::PasswordHash.argon2id('foo', salt, 1, 8191, 64)
rescue => e
pp e
end
puts 'ok' if RbNaCl::PasswordHash.argon2i('foo', salt, 3, 8192, 64)
begin
RbNaCl::PasswordHash.argon2i('foo', salt, 2, 8192, 64)
rescue => e
pp e
end
begin
RbNaCl::PasswordHash.argon2i('foo', salt, 3, 8191, 64)
rescue => e
pp e
end
Expected
ok
ok, but...
#<ArgumentError: opslimit must be within the range 1..10>
#<ArgumentError: memlimit must be within the range 2**(13..32)>
ok
#<ArgumentError: opslimit must be within the range 3..10>
#<ArgumentError: memlimit must be within the range 2**(13..32)>
Actual
ok
ok, but...
#<ArgumentError: opslimit must be within the range 3..10> # Incorrect minimum, should be 1
#<ArgumentError: memlimit must be within the range 2**(13..32)>
ok
#<RbNaCl::CryptoError: ARGON2_OUTPUT_PTR_NULL> # oops?
#<ArgumentError: memlimit must be within the range 2**(13..32)>
Also, the documented values for :moderate, :interactive and :sensitive are incorrect for Argon2id.
