khovratovich / argon2 Goto Github PK

Memory-hard scheme Argon2

License: Other

Makefile 0.98% C++ 43.33% C 44.44% TeX 10.91% Shell 0.35%

argon2's Introduction

Argon2 source code package

Warning

Argon2 is the basis for the eventual winner of Password Hashing Competition. The final winner may be different from the current version (1.2.1).

About

The Argon2 source code package in Source/ includes:

Reference C99 & C++11 implementations of the password hashing scheme Argon2

make
Optimized C99 & C++11 implementations of the password hashing scheme Argon2

make OPT=TRUE

Build result:

Argon2 without debug messages argon2
Argon2 shared library libargon2.so
Argon2 built with the shared library argon2-lib-test

Usage

Options:

argon2 -help

Benchmark Argon2d, Argon2id, Argon2i, Argon2ds with different level of parallelism:

argon2 -benchmark

Generate detailed test vectors for type 't', where 't' is one of {Argon2d, Argon2id, Argon2i, Argon2ds}:

argon2 -gen-tv -type t

Check generated test vectors against available test vectors:

./Scripts/check_test_vectors.sh -s=./Source/C++11/

./Scripts/check_test_vectors.sh -s=./Source/C99/

##Library usage

Initialize Argon2_Context structure with

address of output buffer (can not be NULL)
output length
address of password array
password length *
address of salt array
salt length *
address of secret/key array
key length *
address of associated data array
associated data length
number of iterations *
amount of memory in KBytes *
number of parallel threads
pointer to memory allocator
pointer to memory deallocator
password erase indicator *
secret erase indicator *
memory erase indicator *

All these parameters but the last five affect the output digest. Parameters marked by * are security critical and should be selected according to the specification. Parameters 'number of iterations', 'amount of memory', 'number of parallel threads', and (to some extent) 'memory erase indicator' affect performance.

Select the Argon2 mode that fits the needs. Argon2i is safe against side-channel attacks but is more vulnerable to GPU cracking and memory-reduction attacks than Argon2d (factor 1.5 for memory reduction) and Argon2ds (factor 5 for GPU cracking). Argon2d(s) is recommended for side-channel free environments.
Call 'mode'(context) such as Argon2d(context) and read the output buffer.

Language Bindings

Bindings to the Argon2 library are available in a number of languages

Copyright

Argon2 source code package is distributed under the Creative Commons CC0 1.0 License.

Third Party Code

Blake 2 source code ./Source/Blake2/*
platform independent endianess detection ./Source/Common/brg-endian.h

argon2's People

Contributors

Stargazers

Watchers

Forkers

mbroz aj92 wshca enascimento bjoernmhaase pazthor arminc zmanian bitspill janetizzy hemel-cse dboehmer bzab sergeyjames ifindoubt

argon2's Issues

Add -password <password> and -salt <salt> as inputs

Commandline option to output only the password hash

It would be nice to have a command line option that would provide output from argon2 with only the hash similar to sha2sum, b2sum etc.

Remove SSE4 usage

I tried 'make OPT=TRUE' with only SSSE3 enabled and found that it requires to patch only the following two calls of _mm_extract_epi64:

    if (Sbox != NULL) {
        x = _mm_extract_epi64(block_XY[0], 0) ^ _mm_extract_epi64(block_XY[ARGON2_QWORDS_IN_BLOCK - 1], 1);
        for (int i = 0; i < 6 * 16; ++i) {
            uint32_t x1 = x >> 32;
            uint32_t x2 = x & 0xFFFFFFFF;
            uint64_t y = Sbox[x1 & ARGON2_SBOX_MASK];
            uint64_t z = Sbox[(x2 & ARGON2_SBOX_MASK) + ARGON2_SBOX_SIZE / 2];
            x = (uint64_t) x1 * (uint64_t) x2;
            x += y;
            x ^= z;
        }
    }

that can be easily done with pointer arithmetic:

        x = *(uint64_t*)block_XY ^ ((uint64_t*)block_XY)[ARGON2_QWORDS_IN_BLOCK*2-1];

Custom free function signature

With the signature
typedef void(*FreeMemoryCallback)(uint8_t *memory, size_t bytes_to_allocate);

It looks like this should be (uint8_t *memory, bool clear_memory) to match FreeMemory.

I'd also recommend clearing be done inside Finalize and drop the second parameter all together.

Allow up to 2^32 threads

NOT_OPTIMIZED not defined in all cases

In argon2-core.cpp there some cases where NOT_OPTIMIZED is not defined.

defined(clang) && !has_attribute(optnone)
!defined(__clang) && defined(GNUC) && GCC_VERSION < 40400

By deleting:

else

define NOT_OPTIMIZED

You could place a catch-all block:

ifndef NOT_OPTIMIZED

define NOT_OPTIMIZED

endif

Remove preprocessor directives related to KAT

Thread number selection

Allow to select the number of threads separately from the number of lanes

blake2b function visibility in libargon2.so

please also consider visibility of the symbols in libargon2.so.
They could be renamed, hidden, or what about adding blake2b function prototypes to argon2.h 😋

0000000000008ca0 T blake2b
0000000000008ac0 T blake2b_final
0000000000008730 T blake2b_init
0000000000008960 T blake2b_init_key
0000000000008620 T blake2b_init_param
0000000000008d70 T blake2b_long
00000000000087d0 T blake2b_update

Removed unused blake2 files

The following files are unused both in REF and OPT versions of Argon2:

blake2b.cpp
blake2-config.h
blake2-round.h
blake2b-load-sse2.h
blake2b-load-sse41.h
blake2b-round.h

at least, i successfully compiled without them all

Thanks,
Chris.

Building Argon2?

Based on the ReadMe, I'd expect to see a Makefile in the top level directory that builds the argon2 binary.

There are Markefiles in v1.1 and v1.2 directories that build argon2d and argon2i.

So what's up?

khovratovich / argon2 Goto Github PK

argon2's Introduction

Argon2 source code package

Warning

About

Usage

Language Bindings

Copyright

Third Party Code

argon2's People

Contributors

Stargazers

Watchers

Forkers

argon2's Issues

else

define NOT_OPTIMIZED

ifndef NOT_OPTIMIZED

define NOT_OPTIMIZED

endif

Recommend Projects

Recommend Topics

Recommend Org