doc/crypt.tex (40 additions & 0 deletions)
@@ -7589,6 +7589,46 @@ \subsection{bcrypt}
7589
7589
where \textit{outlen} contains the available buffer size on input and the written size after the invocation.
7590
7590
7591
7591
7592
+
\subsection{Argon2}
7593
+
\index{Argon2}
7594
+
\label{argon2}
7595
+
7596
+
Argon2 is a memory-hard password hashing function defined in \href{https://datatracker.ietf.org/doc/html/rfc9106}{\texttt{RFC 9106}}.
7597
+
It is the winner of the 2015 \href{https://www.password-hashing.net/}{Password Hashing Competition} and is recommended for new applications that require password hashing or key derivation from passwords.
7598
+
7599
+
Three variants are provided:
7600
+
7601
+
\begin{description}
7602
+
\item[Argon2d] uses data-dependent memory access, which makes it faster but susceptible to side-channel attacks. Suitable for applications with no threats from side-channels.
7603
+
\item[Argon2i] uses data-independent memory access, which is preferred when side-channel resistance is needed.
7604
+
\item[Argon2id] is a hybrid that uses data-independent addressing for the first half of the first pass and data-dependent addressing for the remainder. This is the recommended variant for password hashing.
7605
+
\end{description}
7606
+
7607
+
The implementation uses the BLAKE2b hash function internally. To enable Argon2, define \texttt{LTC\_ARGON2} in \textit{tomcrypt\_custom.h} (it also requires \texttt{LTC\_BLAKE2B}).
7608
+
7609
+
\index{argon2\_hash()}
7610
+
\begin{alltt}
7611
+
int argon2_hash(const unsigned char *pwd, unsigned long pwdlen,
7612
+
const unsigned char *salt, unsigned long saltlen,
7613
+
const unsigned char *secret, unsigned long secretlen,
7614
+
const unsigned char *ad, unsigned long adlen,
7615
+
unsigned int t_cost, unsigned int m_cost,
7616
+
unsigned int parallelism,
7617
+
argon2_type type,
7618
+
unsigned char *out, unsigned long outlen);
7619
+
\end{alltt}
7620
+
7621
+
The \textit{pwd} parameter is the password of length \textit{pwdlen}.
7622
+
The \textit{salt} parameter is a random salt of length \textit{saltlen}; a minimum of 16 bytes is recommended.
7623
+
The \textit{secret} and \textit{ad} parameters are optional (may be \texttt{NULL} with a length of zero); they allow passing a secret key and associated data respectively.
7624
+
The \textit{t\_cost} parameter is the number of passes over the memory (minimum 1).
7625
+
The \textit{m\_cost} parameter is the memory usage in kibibytes (minimum $8\times\textit{parallelism}$).
7626
+
The \textit{parallelism} parameter is the number of lanes (minimum 1); note that this implementation is single-threaded, so increasing this value changes the algorithm output but does not improve performance.
7627
+
The \textit{type} parameter selects the variant: \texttt{ARGON2\_D}, \texttt{ARGON2\_I}, or \texttt{ARGON2\_ID}.
7628
+
The output tag of length \textit{outlen} (minimum 4 bytes) is written to \textit{out}.
7629
+
The function returns \texttt{CRYPT\_OK} on success, \texttt{CRYPT\_MEM} if memory allocation fails, or \texttt{CRYPT\_INVALID\_ARG} if any parameter is out of range.
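Review bot: The parameter paragraph states only hard minimums for \textit{t\_cost} (1) and \textit{m\_cost} ($8\times\textit{parallelism}$ KiB) and gives no guidance on values suitable for password hashing, so a reader copying from this section can end up at or near the minimums. Since the section already cites RFC 9106 and recommends Argon2id, add a sentence pointing to the RFC's parameter recommendations or naming a sensible default set. The salt sentence should also say whether a salt shorter than the recommended 16 bytes is rejected with \texttt{CRYPT\_INVALID\_ARG} or silently accepted, because it is the only parameter documented with a recommendation rather than an enforced bound. Finally, the text says the tag is written to \textit{out} but does not tell callers that verifying a password means recomputing the tag with the stored salt and parameters and comparing it in constant time; one sentence on that would prevent a plain \texttt{memcmp} ending up in verification code.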