phc-argon2

generated hash does not meet specification in parameter order

Open mcdurdin opened this issue 4 years ago • 4 comments

The hash generated by these functions does not meet the specification, for example with this hash generated from password 'password':

$argon2id$v=19$t=2,m=15360,p=1$dTrnxd5KI59MDnWmdM3sZQ$dWdm8NkGkSmtN7ht5eQig872oo1dQenivc450xZ1BKY

The specification requires the parameters to be in a specific order:

> The parameters shall appear in the m,t,p,keyid,data order. The keyid and data parameters are optional; the three others are NOT optional.

mcdurdin avatar Sep 06 '21 06:09 mcdurdin

Any update on this? My app in Java cannot verify the hash from this package because of this issue.

nhanledev avatar Oct 26 '21 14:10 nhanledev

This is where the problem is caused: https://github.com/simonepri/phc-argon2/blob/900c5aea9185b69a677ce27ce06aa8a9526222fd/index.js#L172

nhanledev avatar Oct 26 '21 14:10 nhanledev

> Any update on this? My app in Java cannot verify the hash from this package because of this issue.

Hello, I have the same issue. My Spring Auth service cannot verify this hash. Did you find any workaround? I use AdonisJS.

kamilcglr avatar Dec 09 '21 21:12 kamilcglr

The workaround is re-ordering the params object here: https://github.com/simonepri/phc-argon2/blob/900c5aea9185b69a677ce27ce06aa8a9526222fd/index.js#L171

        params: {
          m: memory,
          t: iterations,
          p: parallelism
        },

nhanledev avatar May 11 '22 08:05 nhanledev
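For hashes already stored in the `t,m,p` order reported above, the following added example (not part of the issue thread or of phc-argon2's own code) re-serializes an Argon2 PHC string into the `m,t,p,keyid,data` order that strict verifiers expect. The function names `parseArgon2Phc`, `isCanonicalOrder` and `normalizeArgon2Phc` are hypothetical helpers introduced here.

```javascript
// Parameter order required by the specification text quoted in the issue.
const ORDER = ['m', 't', 'p', 'keyid', 'data'];
const REQUIRED = ['m', 't', 'p'];

// Split "$argon2id$v=19$<params>$<salt>$<hash>" into its fields.
function parseArgon2Phc(phc) {
  const fields = phc.split('$');
  if (fields.length < 4 || fields[0] !== '' || !/^argon2(id|i|d)$/.test(fields[1])) {
    throw new Error('not an Argon2 PHC string');
  }
  // The version field is optional; the parameter field follows it.
  const paramIndex = fields[2].startsWith('v=') ? 3 : 2;
  const params = new Map();
  for (const pair of fields[paramIndex].split(',')) {
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    // Reject malformed, unknown or duplicated parameters instead of guessing.
    if (eq < 1 || !ORDER.includes(name) || params.has(name)) {
      throw new Error(`unexpected parameter: ${pair}`);
    }
    params.set(name, pair.slice(eq + 1));
  }
  for (const name of REQUIRED) {
    if (!params.has(name)) throw new Error(`missing required parameter: ${name}`);
  }
  return { fields, paramIndex, params };
}

// True when the parameters already appear in m,t,p,keyid,data order.
function isCanonicalOrder(phc) {
  const { params } = parseArgon2Phc(phc);
  return [...params.keys()].join() === ORDER.filter((n) => params.has(n)).join();
}

// Re-serialize with parameters in spec order. Only the position of each
// name=value pair changes; values, salt and hash are copied through, so the
// string still verifies against the same password.
function normalizeArgon2Phc(phc) {
  const { fields, paramIndex, params } = parseArgon2Phc(phc);
  const out = fields.slice();
  out[paramIndex] = ORDER.filter((n) => params.has(n))
    .map((n) => `${n}=${params.get(n)}`).join(',');
  return out.join('$');
}

// Hash string from the issue report (password 'password').
const reported = '$argon2id$v=19$t=2,m=15360,p=1$dTrnxd5KI59MDnWmdM3sZQ$dWdm8NkGkSmtN7ht5eQig872oo1dQenivc450xZ1BKY';
console.log(isCanonicalOrder(reported), normalizeArgon2Phc(reported));
```

Running `normalizeArgon2Phc` over stored hashes before handing them to another verifier avoids re-hashing passwords; the parser throws on any string it does not fully understand, so malformed records are surfaced rather than rewritten.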