Skip to content
Liesware edited this page Jan 25, 2019 · 12 revisions

PHC

spec

In order to understand hex and type parameters read HASH

Argon2

spec

Description: Password hashing winner of PHC.

Outputs: Variable

Uses: Highest resistance against GPU cracking attacks, safest against side-channel attacks.

How to ???

import socket
import json
import os,binascii

def sending(message):
	ip = '127.0.0.1'
	port = 6613
	BUFFER_SIZE = 65536
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((ip, port))
	s.send(message)
	data = s.recv(BUFFER_SIZE)
	s.close()
	return data

def argon(data_js):
	req=json.loads(data_js)
	print "Hash passwd \n " + json.dumps(req) +"\n"
	data_js_n=sending(json.dumps(req))
	answ=json.loads(data_js_n)
	print "Recived Argon2 hash: \n" + (json.dumps(answ)) +"\n\n\n"
	verify= '{ "version": 1 , "algorithm":"ARGON2" ,"family":"argon2i","plaintext": "Hello world!","hex":0,"pwd":"", "operation":"verify"}';
	req=json.loads(verify)
	req["pwd"]=answ["hash"]
	print "Verify passwd \n " + json.dumps(req) +"\n"
	data_js_n=sending(json.dumps(req))
	answ_1=json.loads(data_js_n)
	print "Recived Argon verification: \n" + (json.dumps(answ_1)) +"\n\n\n"


argon2_js='{ "version": 1 , "algorithm":"ARGON2" ,"family":"argon2i","plaintext": "Hello world!","t_cost":10,"m_cost":16,"parallelism":4,\
"salt":"ABABABABABABABABABABABABABABABAB","hashlen":32, "hex":0, "operation":"hash"}'

argon(argon2_js)

In this example We generate hash and validate password with argon2i from string Hello world! with t_cost, m_cost, parallelism and salt parameters given.

In order to understand t_cost, m_cost, parallelism and salt parameters, please read spec.

  • On argon2_js["family"] can be one of {argon2i, argon2d, argon2id}
  • On argon2_js["operation"] can be {hash, verify}
  • ARGON2 only supports "type":"string"

Json to hash

{ "version": 1 , "algorithm":"ARGON2" ,"family":"argon2 flavor",
"plaintext": "your password","t_cost":INT,"m_cost":INT,"parallelism":INT,
"salt":"hex string","hashlen":INT, "hex": BOOL, "operation":"hash"}

Json to verify

{ "version": 1 , "algorithm":"ARGON2" ,"family":"argon2 flavor",
"plaintext": "your password","hex":BOOL,"pwd":"Hex (hash arong2 string) ", 
"operation":"verify"}

In this tutorial We are protecting user's credentials with TLS and Argon2. It means the information is protected in motion, at rest, in use. End to end user credentials protection

You can’t perform that action at this time.