PDA

View Full Version : Can you pass the salt please



Focus
15-Jul-2019, 08:34 AM
I was just having a quick look at the security library examples, specifically the passcode playground

Each time I click on the storage string button I get a different result back, as one would expect

Looking in the debugger ultimately the process is calling CryptoPwhashArgon2idStr which calls the external function in the library libsodium_crypto_pwhash_argon2id_str

However no salt is passed

Clearly the whole process works as does the verify function when called from the library

My only real question is there must be some random element at play here to give a different result each time but it does not appear to need to be passed when decoding is required

So what am I missing ?

Joao Mauricio Rinardo
2-Sep-2019, 03:34 PM
Hi!

The random salt is generated automatically by the Argon2 function: https://libsodium.gitbook.io/doc/password_hashing/the_argon2i_function.

All information needed to verify the generated hash is part of the encoded string returned by the Argon2 function.

I hope it helps you.

Best Regards,