Class CryptoPasswordHashArgon

Namespace
LibSodium
Assembly
LibSodium.Net.dll

Provides password hashing and key derivation using Argon2.

public static class CryptoPasswordHashArgon
Inheritance
CryptoPasswordHashArgon
Remarks

Based on libsodium's crypto_pwhash API: https://doc.libsodium.org/password_hashing

Fields

EncodedLen

Maximum length of the encoded hash string (includes null terminator) (128).

public const int EncodedLen = 128

Field Value

int

InteractiveIterations

Recommended iterations for interactive use (2).

public const int InteractiveIterations = 2

Field Value

int

InteractiveMemoryLen

Recommended memory usage for interactive use (64 MiB).

public const int InteractiveMemoryLen = 67108864

Field Value

int

MinIterations

Minimum number of iterations for key derivation (1).

public const int MinIterations = 1

Field Value

int

MinKeyLen

Minimum allowed length in bytes for the derived key (16).

public const int MinKeyLen = 16

Field Value

int

MinMemoryLen

Minimum memory usage in bytes (8 KiB).

public const int MinMemoryLen = 8192

Field Value

int

MinPasswordLen

Minimum allowed password length in bytes (0).

public const int MinPasswordLen = 0

Field Value

int

ModerateIterations

Recommended iterations for moderate use (3).

public const int ModerateIterations = 3

Field Value

int

ModerateMemoryLen

Recommended memory usage for moderate use (256 MiB).

public const int ModerateMemoryLen = 268435456

Field Value

int

Prefix

Prefix for the encoded hash string (e.g. "$argon2id$").

public const string Prefix = "$argon2id$"

Field Value

string

SaltLen

Length of the salt in bytes (16).

public const int SaltLen = 16

Field Value

int

SensitiveIterations

Recommended iterations for sensitive use (4).

public const int SensitiveIterations = 4

Field Value

int

SensitiveMemoryLen

Recommended memory usage for sensitive use (1 GiB).

public const int SensitiveMemoryLen = 1073741824

Field Value

int

Methods

DeriveKey(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Derives a secret key from a password and salt using Argon2.

public static void DeriveKey(SecureMemory<byte> key, SecureMemory<byte> password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)

Parameters

key SecureMemory<byte>

Buffer to receive the derived key (recommended: 32 bytes).

password SecureMemory<byte>

The password to hash.

salt ReadOnlySpan<byte>

The salt (must be 16 bytes).

iterations int

Computation cost (default: INTERACTIVE).

requiredMemoryLen int

Memory usage limit in bytes (default: INTERACTIVE).

algorithm PasswordHashArgonAlgorithm

Hash algorithm to use (default: Argon2id13).

Exceptions

ArgumentException

If arguments are invalid.

LibSodiumException

If hashing fails.

DeriveKey(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Derives a secret key from a password and salt using Argon2.

public static void DeriveKey(Span<byte> key, ReadOnlySpan<byte> password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)

Parameters

key Span<byte>

Buffer to receive the derived key (recommended: 32 bytes).

password ReadOnlySpan<byte>

The password to hash.

salt ReadOnlySpan<byte>

The salt (must be 16 bytes).

iterations int

Computation cost (default: INTERACTIVE).

requiredMemoryLen int

Memory usage limit in bytes (default: INTERACTIVE).

algorithm PasswordHashArgonAlgorithm

Hash algorithm to use (default: Argon2id13).

Exceptions

ArgumentException

If arguments are invalid.

LibSodiumException

If hashing fails.

DeriveKey(Span<byte>, string, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Derives a secret key from a password string and salt using Argon2.

public static void DeriveKey(Span<byte> key, string password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)

Parameters

key Span<byte>

Buffer to receive the derived key (recommended: 32 bytes).

password string

The password string to hash.

salt ReadOnlySpan<byte>

The salt (must be 16 bytes).

iterations int

Computation cost (default: INTERACTIVE).

requiredMemoryLen int

Memory usage limit in bytes (default: INTERACTIVE).

algorithm PasswordHashArgonAlgorithm

Hash algorithm to use (default: Argon2id13).

Exceptions

ArgumentNullException

If the password is null.

LibSodiumException

If hashing fails.
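
Deriving an encryption key from a passphrase with DeriveKey, shown as an added example (not code from the LibSodium.Net project): the salt and cost parameters are not secret, but they must be stored with the protected data and validated when read back, because the key is reproduced only when all inputs match. The `KdfHeader` record, the `PassphraseKey` class and the `maxMemoryLen` cap are hypothetical names introduced for this example.

```csharp
using System;
using System.Security.Cryptography;
using LibSodium;

// Hypothetical container for the non-secret KDF inputs stored next to the ciphertext.
public sealed record KdfHeader(byte[] Salt, int Iterations, int MemoryLen);

public static class PassphraseKey
{
    public const int KeyLen = 32; // recommended key size per the DeriveKey docs

    // First use: pick a fresh random salt and a cost preset.
    public static KdfHeader CreateHeader()
    {
        byte[] salt = new byte[CryptoPasswordHashArgon.SaltLen];
        RandomNumberGenerator.Fill(salt);
        return new KdfHeader(salt,
            CryptoPasswordHashArgon.ModerateIterations,
            CryptoPasswordHashArgon.ModerateMemoryLen);
    }

    // Later use: re-derive with the stored header. The header comes from storage that
    // may be tampered with, so bound the memory cost before allocating for it.
    public static void Derive(Span<byte> key, string passphrase, KdfHeader header, int maxMemoryLen)
    {
        if (header.Salt.Length != CryptoPasswordHashArgon.SaltLen)
            throw new ArgumentException("salt must be 16 bytes", nameof(header));
        if (header.Iterations < CryptoPasswordHashArgon.MinIterations
            || header.MemoryLen < CryptoPasswordHashArgon.MinMemoryLen
            || header.MemoryLen > maxMemoryLen)
            throw new ArgumentException("KDF parameters outside accepted range", nameof(header));

        CryptoPasswordHashArgon.DeriveKey(key, passphrase, header.Salt,
            header.Iterations, header.MemoryLen);
    }

    // Same passphrase + same header => same key; wipe key material after use.
    public static bool Demo()
    {
        KdfHeader header = CreateHeader();
        Span<byte> k1 = stackalloc byte[KeyLen];
        Span<byte> k2 = stackalloc byte[KeyLen];
        Derive(k1, "constructed sample passphrase", header, CryptoPasswordHashArgon.SensitiveMemoryLen);
        Derive(k2, "constructed sample passphrase", header, CryptoPasswordHashArgon.SensitiveMemoryLen);
        bool same = CryptographicOperations.FixedTimeEquals(k1, k2);
        CryptographicOperations.ZeroMemory(k1);
        CryptographicOperations.ZeroMemory(k2);
        return same;
    }
}
```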

HashPassword(SecureMemory<byte>, int, int)

Hashes a password into a human-readable string (including algorithm and parameters).

public static string HashPassword(SecureMemory<byte> password, int iterations = 2, int requiredMemoryLen = 67108864)

Parameters

password SecureMemory<byte>

The password to hash (in UTF-8).

iterations int

Computation cost (default: INTERACTIVE).

requiredMemoryLen int

Memory usage limit in bytes (default: INTERACTIVE).

Returns

string

A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentOutOfRangeException

If password is too short or parameters are invalid.

LibSodiumException

If hashing fails.

HashPassword(ReadOnlySpan<byte>, int, int)

Hashes a password into a human-readable string (including algorithm and parameters).

public static string HashPassword(ReadOnlySpan<byte> password, int iterations = 2, int requiredMemoryLen = 67108864)

Parameters

password ReadOnlySpan<byte>

The password to hash (in UTF-8).

iterations int

Computation cost (default: INTERACTIVE).

requiredMemoryLen int

Memory usage limit in bytes (default: INTERACTIVE).

Returns

string

A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentOutOfRangeException

If password is too short or parameters are invalid.

LibSodiumException

If hashing fails.

HashPassword(string, int, int)

Hashes a password string into a human-readable string (including algorithm and parameters).

public static string HashPassword(string password, int iterations = 2, int requiredMemoryLen = 67108864)

Parameters

password string

The password to hash (as string).

iterations int

Computation cost (default: INTERACTIVE).

requiredMemoryLen int

Memory usage limit in bytes (default: INTERACTIVE).

Returns

string

A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentNullException

If the password is null.

ArgumentOutOfRangeException

If parameters are invalid.

LibSodiumException

If hashing fails.

VerifyPassword(string, SecureMemory<byte>)

Verifies a password against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, SecureMemory<byte> password)

Parameters

hashedPassword string

The encoded password hash string (must be ASCII and null-terminated).

password SecureMemory<byte>

The password to verify.

Returns

bool

true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException

If hashedPassword is null.

ArgumentException

If hashedPassword is too long.

VerifyPassword(string, ReadOnlySpan<byte>)

Verifies a password against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, ReadOnlySpan<byte> password)

Parameters

hashedPassword string

The encoded password hash string (must be ASCII and null-terminated).

password ReadOnlySpan<byte>

The password to verify.

Returns

bool

true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException

If hashedPassword is null.

ArgumentException

If hashedPassword is too long.

VerifyPassword(string, string)

Verifies a password string against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, string password)

Parameters

hashedPassword string

The encoded password hash string (must be ASCII and null-terminated).

password string

The password to verify (as string).

Returns

bool

true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException

If password is null.
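
A login flow built on HashPassword and VerifyPassword, shown as an added example (not code from the LibSodium.Net project): it checks the stored string before verifying, and produces a replacement hash when the stored cost parameters fall below the current policy. The `PasswordStore` class and its methods are hypothetical; the parsing assumes libsodium's encoded format, in which `m=` is expressed in KiB and `t=` is the iteration count.

```csharp
using System;
using LibSodium;

// Hypothetical helper (not part of LibSodium.Net): verify, then upgrade weak hashes.
public static class PasswordStore
{
    // Current policy: the MODERATE preset from this page.
    const int Iterations = CryptoPasswordHashArgon.ModerateIterations;
    const int MemoryLen = CryptoPasswordHashArgon.ModerateMemoryLen;

    public static string Create(string password) =>
        CryptoPasswordHashArgon.HashPassword(password, Iterations, MemoryLen);

    // Returns true on success; newHash is non-null when the stored hash should be replaced.
    public static bool Verify(string stored, string password, out string? newHash)
    {
        newHash = null;
        // Reject anything that is not an Argon2id string of plausible size before verifying
        // (EncodedLen includes the terminator, so a valid string is shorter than it).
        if (stored is null
            || stored.Length >= CryptoPasswordHashArgon.EncodedLen
            || !stored.StartsWith(CryptoPasswordHashArgon.Prefix, StringComparison.Ordinal))
            return false;

        if (!CryptoPasswordHashArgon.VerifyPassword(stored, password))
            return false;

        if (IsBelowPolicy(stored))
            newHash = Create(password); // caller persists this in place of `stored`
        return true;
    }

    // Encoded form: $argon2id$v=19$m=<KiB>,t=<iterations>,p=<lanes>$<salt>$<hash>
    static bool IsBelowPolicy(string encoded)
    {
        string[] parts = encoded.Split('$');
        if (parts.Length < 6) return true; // unparseable: treat as needing a rehash
        long memKiB = 0, iters = 0;
        foreach (string kv in parts[3].Split(','))
        {
            if (kv.StartsWith("m=", StringComparison.Ordinal)
                && !long.TryParse(kv.AsSpan(2), out memKiB)) return true;
            if (kv.StartsWith("t=", StringComparison.Ordinal)
                && !long.TryParse(kv.AsSpan(2), out iters)) return true;
        }
        return memKiB * 1024 < MemoryLen || iters < Iterations;
    }
}
```

The rehash can only happen at login, because that is the one moment the plaintext password is available to the server.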