Add support for the Argon2 hashing algorithm

Description

Add support for the Argon2 hashing algorithm that was the winner of the most recent "Password Hashing Competition" (https://password-hashing.net/). The public repo for the algorithm can be found here:

https://github.com/p-h-c/phc-winner-argon2

Specification PDF here:

https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf

There is some information here about using it with Java:

https://www.twelve21.io/how-to-use-argon2-for-password-hashing-in-java/

and there is an online generator here that can be used to validate the output from a new Lucee function:

https://argon2.online/

Suggest the name of the function would be:

`GenerateArgon2Hash`

with parameters of:

  • Variant (either Argon2i, Argon2d or Argon2id)

  • Text Input (the value to be hashed)

  • Salt (the salt to be used)

  • Parallelism Factor (a number between 1 and 10)

  • Memory cost (a number between 8 and 100000)

  • Iterations (a number between 1 and 20)

  • Hash Length (a number between 4 and 100)
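
A way to check that a generated hash carries the cost parameters that were requested, which would surface a mismatch like the one reported in the comments below (memory 12 applied as 144). This is an added example, not Lucee's code and not part of the original ticket. It assumes the function returns the standard encoded form `$argon2id$v=19$m=…,t=…,p=…$salt$hash` with memory in KiB; `check`, `parse_phc` and `constructed_sample` are hypothetical names, and the sample strings are constructed.

```python
import base64
import re

# Limits proposed in the ticket description (memory unit assumed to be KiB).
RANGES = {"p": (1, 10), "m": (8, 100000), "t": (1, 20), "len": (4, 100)}
VARIANTS = {"argon2i", "argon2d", "argon2id"}
PHC_RE = re.compile(r"^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
                    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$")

def b64_len(text):
    """Byte length of the unpadded base64 used in encoded hashes."""
    return len(base64.b64decode(text + "=" * (-len(text) % 4)))

def parse_phc(encoded):
    """Extract variant, cost parameters and digest length from an encoded hash."""
    match = PHC_RE.match(encoded)
    if not match:
        raise ValueError("not an encoded Argon2 hash")
    variant, _version, m, t, p, _salt, digest = match.groups()
    return {"variant": variant, "m": int(m), "t": int(t), "p": int(p),
            "len": b64_len(digest)}

def check(encoded, variant, m, t, p, length):
    """Return a list of problems; an empty list means the hash matches the request."""
    want = {"variant": variant.lower(), "m": m, "t": t, "p": p, "len": length}
    problems = []
    if want["variant"] not in VARIANTS:
        problems.append(f"unknown variant {variant}")
    for name, (low, high) in RANGES.items():
        if not low <= want[name] <= high:
            problems.append(f"{name}={want[name]} outside {low}..{high}")
    if m < 8 * p:  # the Argon2 specification requires m >= 8 * p
        problems.append(f"memory {m} is below the Argon2 minimum of 8 * parallelism")
    got = parse_phc(encoded)
    for name, value in want.items():
        if got[name] != value:
            problems.append(f"{name}: requested {value}, hash encodes {got[name]}")
    return problems

def constructed_sample(m, p=1):
    """Constructed encoded string with an all-zero placeholder digest (not real output)."""
    salt = base64.b64encode(b"constructed-salt").decode().rstrip("=")
    digest = base64.b64encode(bytes(32)).decode().rstrip("=")
    return f"$argon2id$v=19$m={m},t=3,p={p}${salt}${digest}"

if __name__ == "__main__":
    print(check(constructed_sample(144), "Argon2id", 12, 3, 1, 32))
```

The proposed memory floor of 8 is only valid with a parallelism of 1, since Argon2 requires at least 8 KiB of memory per lane.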

Activity

Conrad T. Pino 16 December 2023 at 22:14

Pull Request #1055 removed "variant" argument from "Argon2CheckHash" function for Lucee 6, a breaking change. Please add "breaking-change" label.

Zac Spitzer 19 January 2022 at 21:25

yeah looks and smells wrong, open a new ticket

Matthew Clemente 19 January 2022 at 20:52

I can create a new issue for this, unless I’m misreading something here. It looks like the memory value is being multiplied by itself here: https://github.com/lucee/Lucee/blob/7deda928b828475045d09225c15245bfddc8a39a/core/src/main/java/lucee/runtime/functions/other/GenerateArgon2Hash.java#L58

So, I’m passing in 12 for the memory, but it ends up using 144.

Now, I’m new to Argon2 - is this expected behavior? I can put together a repro if needed, for a separate ticket.

Mircea Botez 5 October 2020 at 16:18
Edited

is right. I’ve fixed my mistake in core-base.fld and also I’ve removed the unnecessary variant argument. Thanks for the input. This is the pull request https://github.com/lucee/Lucee/pull/1055 .

Fixed


Created 9 May 2020 at 13:37
Updated 16 December 2023 at 22:14
Resolved 28 August 2020 at 13:05
