Class Argon2

Argon2 Hashing of passwords.

Inheritance

System.Object

Argon2

Implements

System.IDisposable

Inherited Members

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.ToString()

Namespace: Isopoh.Cryptography.Argon2

Assembly: Isopoh.Cryptography.Argon2.dll

Syntax

public sealed class Argon2 : IDisposable

Constructors

| Improve this Doc View Source

Argon2(Argon2Config)

Initializes a new instance of the Argon2 class.

Declaration

public Argon2(Argon2Config config)

Parameters

Type	Name	Description
Argon2Config	config	The configuration to use.

Fields

| Improve this Doc View Source

BlockSize

The Argon2 block size in bytes.

Declaration

public const int BlockSize = 1024

Field Value

Type	Description
System.Int32

| Improve this Doc View Source

CsharpMaxBlocksPerArray

C# has a limit of 0X7FEFFFFF elements per array (0x7FFFFFC7 per byte array). The blocks are 1024 bytes long, the elements are 8 bytes (ulong). This gives 0X7FEFFFFF / 128 blocks per C# array.

Declaration

public const int CsharpMaxBlocksPerArray = 16769023

Field Value

Type	Description
System.Int32

| Improve this Doc View Source

PrehashDigestLength

The number of bytes hashed in initializing Argon2.

Declaration

public const int PrehashDigestLength = 64

Field Value

Type	Description
System.Int32

| Improve this Doc View Source

PrehashSeedLength

Bytes required in the buffer passed into the Isopoh.Cryptography.Argon2.Argon2.FillFirstBlocks(System.Byte[]) method.

Declaration

public const int PrehashSeedLength = 72

Field Value

Type	Description
System.Int32

| Improve this Doc View Source

QwordsInBlock

The number of 8-byte words in an Argon2 block.

Declaration

public const int QwordsInBlock = 128

Field Value

Type	Description
System.Int32

| Improve this Doc View Source

SyncPointCount

Number of synchronization points between lanes per pass.

Declaration

public const int SyncPointCount = 4

Field Value

Type	Description
System.Int32

Properties

| Improve this Doc View Source

LaneBlockCount

Gets the number of memory blocks per lane. SegmentBlockCount * SyncPointCount.

Declaration

public int LaneBlockCount { get; }

Property Value

Type	Description
System.Int32

| Improve this Doc View Source

Memory

Gets the MemoryBlockCount blocks.

Declaration

public Blocks Memory { get; }

Property Value

Type	Description
Blocks

| Improve this Doc View Source

MemoryBlockCount

Gets the number of memory blocks, (Lanes*LaneBlockCount).

Declaration

public int MemoryBlockCount { get; }

Property Value

Type	Description
System.Int32

| Improve this Doc View Source

SegmentBlockCount

Gets the number of memory blocks per segment. This value gets derived from the memory cost. The memory cost value is a request for that number of blocks. If that request is less than (2 * SyncPointCount) times the number of lanes requested, it is first bumped up to that amount. Then, it may be reduced to fit on a SyncPointCount times the number of lanes requested boundary.

Declaration

public int SegmentBlockCount { get; }

Property Value

Type	Description
System.Int32

Methods

| Improve this Doc View Source

Dispose()

Zero sensitive memories and dispose of resources.

Declaration

public void Dispose()

| Improve this Doc View Source

FixedTimeEquals(SecureArray<Byte>, SecureArray<Byte>)

Compare two SecureArrays without leaking timing information.

Declaration

public static bool FixedTimeEquals(SecureArray<byte> left, SecureArray<byte> right)

Parameters

Type	Name	Description
SecureArray<System.Byte>	left	The first SecureArray to compare.
SecureArray<System.Byte>	right	The second SecureArray to compare.

Returns

Type	Description
System.Boolean	true if left and right have the same values for Length and the same contents; otherwise, false.

Remarks

Uses System.Security.Cryptography.CryptographicOperations.FixedTimeEquals() when available; otherwise implements a similar algorithm.

| Improve this Doc View Source

Hash()

Perform the hash.

Declaration

public SecureArray<byte> Hash()

Returns

Type	Description
SecureArray<System.Byte>	The hash bytes.

| Improve this Doc View Source

Hash(Argon2Config)

Hash the given password to a Argon2 hash string.

Declaration

public static string Hash(Argon2Config configToHash)

Parameters

Type	Name	Description
Argon2Config	configToHash	Contains all the information used to create the hash returned.

Returns

Type	Description
System.String	The Argon2 hash of the given password.

| Improve this Doc View Source

Hash(Byte[], Byte[], Int32, Int32, Int32, Argon2Type, Int32, SecureArrayCall)

Hash the given password to a Argon2 hash string.

Declaration

public static string Hash(byte[] password, byte[] secret, int timeCost = 3, int memoryCost = 65536, int parallelism = 1, Argon2Type type = Argon2Type.HybridAddressing, int hashLength = 32, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.Byte[]	password	The password to hash. Gets UTF-8 encoded before hashing.
System.Byte[]	secret	The secret to use in creating the hash.
System.Int32	timeCost	The time cost to use. Defaults to 3.
System.Int32	memoryCost	The target memory cost to use. Defaults to 65536 (65536 * 1024 = 64MB). MemoryCost for detail on calculating the actual memory used from this value.
System.Int32	parallelism	The parallelism to use. Default to 1 (single threaded).
Argon2Type	type	Data-dependent, data-independent, or hybrid. Defaults to hybrid (as recommended for password hashing).
System.Int32	hashLength	The length of the hash in bytes. Note, the string returned base-64 encodes this with other parameters so the resulting string is significantly longer.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.String	The Argon2 hash of the given password.

| Improve this Doc View Source

Hash(String, Int32, Int32, Int32, Argon2Type, Int32, SecureArrayCall)

Hash the given password to a Argon2 hash string.

Declaration

public static string Hash(string password, int timeCost = 3, int memoryCost = 65536, int parallelism = 1, Argon2Type type = Argon2Type.HybridAddressing, int hashLength = 32, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	password	The password to hash. Gets UTF-8 encoded before hashing.
System.Int32	timeCost	The time cost to use. Defaults to 3.
System.Int32	memoryCost	The target memory cost to use. Defaults to 65536 (65536 * 1024 = 64MB). MemoryCost for detail on calculating the actual memory used from this value.
System.Int32	parallelism	The parallelism to use. Defaults to 1 (single threaded).
Argon2Type	type	Data-dependent, data-independent, or hybrid. Defaults to hybrid (as recommended for password hashing).
System.Int32	hashLength	The length of the hash in bytes. Note, the string returned base-64 encodes this with other parameters so the resulting string is significantly longer.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.String	The Argon2 hash of the given password.

| Improve this Doc View Source

Hash(String, String, Int32, Int32, Int32, Argon2Type, Int32, SecureArrayCall)

Hash the given password to a Argon2 hash string.

Declaration

public static string Hash(string password, string secret, int timeCost = 3, int memoryCost = 65536, int parallelism = 1, Argon2Type type = Argon2Type.HybridAddressing, int hashLength = 32, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	password	The password to hash. Gets UTF-8 encoded before hashing.
System.String	secret	The secret to use in creating the hash. UTF-8 encoded before hashing. May be null. A `string.Empty` is treated the same as null.
System.Int32	timeCost	The time cost to use. Defaults to 3.
System.Int32	memoryCost	The target memory cost to use. Defaults to 65536 (65536 * 1024 = 64MB). MemoryCost for detail on calculating the actual memory used from this value.
System.Int32	parallelism	The parallelism to use. Default to 1 (single threaded).
Argon2Type	type	Data-dependent, data-independent, or hybrid. Defaults to hybrid (as recommended for password hashing).
System.Int32	hashLength	The length of the hash in bytes. Note, the string returned base-64 encodes this with other parameters so the resulting string is significantly longer.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.String	The Argon2 hash of the given password.

| Improve this Doc View Source

Verify(String, Argon2Config)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, Argon2Config configToVerify)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
Argon2Config	configToVerify	The configuration that contains the values used to created `encoded`.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, Byte[], SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, byte[] password, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.Byte[]	password	The password to verify.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, Byte[], Byte[], SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, byte[] password, byte[] secret, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.Byte[]	password	The password to verify.
System.Byte[]	secret	The secret hashed into the password.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, Byte[], Byte[], Int32, SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, byte[] password, byte[] secret, int threads, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.Byte[]	password	The password to verify.
System.Byte[]	secret	The secret hashed into the password.
System.Int32	threads	The number of threads to use. Setting this to a higher number than the "p=" parameter in the `encoded` string doesn't cause even more parallelism.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, Byte[], Int32, SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, byte[] password, int threads, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.Byte[]	password	The password to verify.
System.Int32	threads	The number of threads to use. Setting this to a higher number than the "p=" parameter in the `encoded` string doesn't cause even more parallelism.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, String, SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, string password, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.String	password	The password to verify. This gets UTF-8 encoded.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, String, Int32, SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, string password, int threads, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.String	password	The password to verify. This gets UTF-8 encoded.
System.Int32	threads	The number of threads to use. Setting this to a higher number than the "p=" parameter in the `encoded` string doesn't cause even more parallelism.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, String, String, SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, string password, string secret, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.String	password	The password to verify. This gets UTF-8 encoded.
System.String	secret	The secret used in the creation of `encoded`. UTF-8 encoded to create the byte-buffer actually used in the verification. May be null for no secret. `string.Empty` is treated as null.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

| Improve this Doc View Source

Verify(String, String, String, Int32, SecureArrayCall)

Verify the given Argon2 hash as being that of the given password.

Declaration

public static bool Verify(string encoded, string password, string secret, int threads, SecureArrayCall secureArrayCall = null)

Parameters

Type	Name	Description
System.String	encoded	The Argon2 hash string. This has the actual hash along with other parameters used in the hash.
System.String	password	The password to verify. This gets UTF-8 encoded.
System.String	secret	The secret used in the creation of `encoded`. UTF-8 encoded to create the byte-buffer actually used in the verification. May be null for no secret. `string.Empty` is treated as null.
System.Int32	threads	The number of threads to use. Setting this to a higher number than the "p=" parameter in the `encoded` string doesn't cause even more parallelism.
SecureArrayCall	secureArrayCall	The methods that get called to secure arrays. A null value defaults to SecureArray.DefaultCall.

Returns

Type	Description
System.Boolean	True on success; false otherwise.

Implements

System.IDisposable