Password Hashing _Argon2 (Default) - Chewhern/ASodium GitHub Wiki
For detailed documentation, kindly refer to the official libsodium documentation.
When choosing password parameters for secure storage and processing (both KDF and hashing), it's best to follow the official libsodium documentation, which gives guidelines on how to choose the parameters. This is a very serious security warning: failing to choose the parameters properly will result in serious security vulnerabilities within your program which people can exploit.
For full details on the strength and the enum properties for this wrapper library, kindly refer to this link.
(https://github.com/Chewhern/ASodium/blob/main/Source/SodiumPasswordHashArgon2.cs)
Deriving key from password
There are 2 types of key derivation: one that allows developers to supply custom parameters to the hashing algorithm, and one that uses default parameters, which developers can override if they think it's required.
Default Key Derivation
Initial Function
public static Byte[] Argon2PBKDF(long DerivedKeyLength, Byte[] Password, Byte[] Salt,Strength strength=Strength.MODERATE, Algorithm algorithm = Algorithm.DEFAULT,Boolean ClearKey=false)
Example Code
Byte[] RandomPasswords = SodiumRNG.GetRandomBytes(128);
Byte[] Salt = SodiumPasswordHashArgon2.GenerateSalt();
Byte[] DerivedKey = SodiumPasswordHashArgon2.Argon2PBKDF(32, RandomPasswords, Salt,SodiumPasswordHashArgon2.Strength.SENSITIVE);
//or it can also be
//Byte[] DerivedKey = SodiumPasswordHashArgon2.Argon2PBKDF(32, RandomPasswords, Salt);
MessageBox.Show(new System.Numerics.BigInteger(DerivedKey).ToString());
Custom Parameter Key Derivation
Initial Function
public static Byte[] Argon2PBKDFCustom(long DerivedKeyLength,Byte[] Password,Byte[] Salt,ulong OpsLimit,long MemLimit,Algorithm algorithm = Algorithm.DEFAULT,Boolean ClearKey=false)
Example Code
Byte[] RandomPasswords = SodiumRNG.GetRandomBytes(128);
Byte[] Salt = SodiumPasswordHashArgon2.GenerateSalt();
Byte[] DerivedKey = SodiumPasswordHashArgon2.Argon2PBKDFCustom(32, RandomPasswords, Salt, 5, 1610612736);
MessageBox.Show(new System.Numerics.BigInteger(DerivedKey).ToString());
//refer to libsodium documentation to decide your own parameters for opslimit and memlimit
Password Hashing and Storing
Initial Function
public static Boolean VerifyPasswordString(String HashedPasswordWithParamString,Byte[] Password,Boolean ClearKey=false)
Default Password Hashing and Storing
Initial Function
public static String Argon2HashPassword(Byte[] Password,Strength strength=Strength.MODERATE,Boolean ClearKey=false)
Example Code
Byte[] RandomPasswords = SodiumRNG.GetRandomBytes(128);
Byte[] Salt = SodiumPasswordHashArgon2.GenerateSalt(); //not used below: Argon2HashPassword takes no salt parameter
String HashedPasswordWithParam = SodiumPasswordHashArgon2.Argon2HashPassword(RandomPasswords);
MessageBox.Show(HashedPasswordWithParam);
Custom supplied parameter hashing and storing
Initial Function
public static String Argon2CustomParamHashPassword(Byte[] Password, ulong OpsLimit, long MemLimit,Boolean ClearKey=false)
Example Code
Byte[] RandomPasswords = SodiumRNG.GetRandomBytes(128);
Byte[] Salt = SodiumPasswordHashArgon2.GenerateSalt(); //not used below: Argon2CustomParamHashPassword takes no salt parameter
String HashedPasswordWithParam = SodiumPasswordHashArgon2.Argon2CustomParamHashPassword(RandomPasswords,5, 1610612736);
MessageBox.Show(HashedPasswordWithParam);
Checking if a hashed password needs rehash
Initial Function
public static int CustomParamsPasswordNeedsRehash(String HashedPasswordWithParamString,ulong OpsLimit,long MemLimit)
public static int PasswordNeedsRehash(String HashedPasswordWithParamString,Strength strength = Strength.MODERATE)
Example Code
Byte[] RandomPasswords = SodiumRNG.GetRandomBytes(128);
Byte[] Salt = SodiumPasswordHashArgon2.GenerateSalt(); //not used below: Argon2HashPassword takes no salt parameter
String HashedPasswordWithParam = SodiumPasswordHashArgon2.Argon2HashPassword(RandomPasswords);
int Status = SodiumPasswordHashArgon2.PasswordNeedsRehash(HashedPasswordWithParam, SodiumPasswordHashArgon2.Strength.MODERATE);
MessageBox.Show(Status.ToString());
//Refer to libsodium for documentation
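The hashing, verification and rehash functions above combined into a register/login flow, as an added example that is not part of the ASodium wiki or project code. The `ASodium` namespace, the names `LoginExample`, `Register` and `Login`, the `true`-on-match behaviour of `VerifyPasswordString`, and the reading of the `PasswordNeedsRehash` return value (taken from libsodium's `crypto_pwhash_str_needs_rehash`) are assumptions.

```csharp
using System;
using System.Text;
using ASodium; // assumed namespace of the wrapper library

// Hypothetical helper class, not part of ASodium.
public static class LoginExample
{
    // Strength the application currently requires for stored hashes.
    private const SodiumPasswordHashArgon2.Strength Policy =
        SodiumPasswordHashArgon2.Strength.MODERATE;

    // Registration: the returned string is what gets stored for the user.
    public static string Register(string password)
    {
        byte[] pw = Encoding.UTF8.GetBytes(password);
        try { return SodiumPasswordHashArgon2.Argon2HashPassword(pw, Policy); }
        finally { Array.Clear(pw, 0, pw.Length); } // best-effort wipe of our copy
    }

    // Login: returns true when the password matches storedHash.
    // upgradedHash is non-null when the stored value should be replaced.
    public static bool Login(string password, string storedHash, out string upgradedHash)
    {
        upgradedHash = null;
        byte[] pw = Encoding.UTF8.GetBytes(password);
        try
        {
            // Assumption: returns true on a match, false otherwise.
            if (!SodiumPasswordHashArgon2.VerifyPasswordString(storedHash, pw))
                return false;

            // Assumption: same values as libsodium's crypto_pwhash_str_needs_rehash,
            // 0 = parameters match Policy, 1 = they differ, -1 = string not valid.
            int status = SodiumPasswordHashArgon2.PasswordNeedsRehash(storedHash, Policy);
            if (status != 0)
                upgradedHash = SodiumPasswordHashArgon2.Argon2HashPassword(pw, Policy);
            return true;
        }
        finally { Array.Clear(pw, 0, pw.Length); }
    }
}
```

The rehash happens only after a successful verify because that is the one point at which the plaintext password is available to hash under the new parameters.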