-
Notifications
You must be signed in to change notification settings - Fork 17.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/crypto/argon2: wrong keys are computed if parallelism degree > 1 #23200
Labels
Milestone
Comments
Change https://golang.org/cl/85055 mentions this issue: |
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 28, 2022
This change fixes an incorrect key derivation if the degree of parallelism is greater than 1. This change adds additional test vectors generated by the https://github.com/P-H-C/phc-winner-argon2 CLI. Fixes golang/go#23200 Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7 Reviewed-on: https://go-review.googlesource.com/85055 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 29, 2022
This change fixes an incorrect key derivation if the degree of parallelism is greater than 1. This change adds additional test vectors generated by the https://github.com/P-H-C/phc-winner-argon2 CLI. Fixes golang/go#23200 Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7 Reviewed-on: https://go-review.googlesource.com/85055 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
LewiGoddard
pushed a commit
to LewiGoddard/crypto
that referenced
this issue
Feb 16, 2023
This change fixes an incorrect key derivation if the degree of parallelism is greater than 1. This change adds additional test vectors generated by the https://github.com/P-H-C/phc-winner-argon2 CLI. Fixes golang/go#23200 Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7 Reviewed-on: https://go-review.googlesource.com/85055 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
BiiChris
pushed a commit
to BiiChris/crypto
that referenced
this issue
Sep 15, 2023
This change fixes an incorrect key derivation if the degree of parallelism is greater than 1. This change adds additional test vectors generated by the https://github.com/P-H-C/phc-winner-argon2 CLI. Fixes golang/go#23200 Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7 Reviewed-on: https://go-review.googlesource.com/85055 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
desdeel2d0m
added a commit
to desdeel2d0m/crypto
that referenced
this issue
Jul 1, 2024
This change fixes an incorrect key derivation if the degree of parallelism is greater than 1. This change adds additional test vectors generated by the https://github.com/P-H-C/phc-winner-argon2 CLI. Fixes golang/go#23200 Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7 Reviewed-on: https://go-review.googlesource.com/85055 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What version of Go are you using (
go version
)?go version go1.9.1 linux/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/andreas/go"
GORACE=""
GOROOT="/home/andreas/.go/1.9.1"
GOTOOLDIR="/home/andreas/.go/1.9.1/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build893696360=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
What did you do?
Solution
The current implementation has two issues:
The following line
refLane := uint32(rand>>32) % threads
requires an additional check:This was not detected by the official Argon2 test vectors.
The text was updated successfully, but these errors were encountered: