Class CryptoPasswordHashArgon
- Namespace
- LibSodium
- Assembly
- LibSodium.Net.dll
Provides password hashing and key derivation using Argon2.
public static class CryptoPasswordHashArgon
- Inheritance
-
CryptoPasswordHashArgon
- Inherited Members
Remarks
Based on libsodium's crypto_pwhash API: https://doc.libsodium.org/password_hashing
Fields
EncodedLen
Maximum length of the encoded hash string (includes null terminator) (128).
public const int EncodedLen = 128
Field Value
InteractiveIterations
Recommended iterations for interactive use (2).
public const int InteractiveIterations = 2
Field Value
InteractiveMemoryLen
Recommended memory usage for interactive use (64Mb).
public const int InteractiveMemoryLen = 67108864
Field Value
MinIterations
Minimum number of iterations for key derivation (1).
public const int MinIterations = 1
Field Value
MinKeyLen
Minimum allowed length in bytes for the derived key (16).
public const int MinKeyLen = 16
Field Value
MinMemoryLen
Minimum memory usage in bytes (8k).
public const int MinMemoryLen = 8192
Field Value
MinPasswordLen
Minimum allowed password length in bytes (0).
public const int MinPasswordLen = 0
Field Value
ModerateIterations
Recommended iterations for moderate use (3).
public const int ModerateIterations = 3
Field Value
ModerateMemoryLen
Recommended memory usage for moderate use (256Mb).
public const int ModerateMemoryLen = 268435456
Field Value
Prefix
Prefix for the encoded hash string (e.g. "\(argon2id\)").
public const string Prefix = "$argon2id$"
Field Value
SaltLen
Length of the salt in bytes (16).
public const int SaltLen = 16
Field Value
SensitiveIterations
Recommended iterations for sensitive use (4).
public const int SensitiveIterations = 4
Field Value
SensitiveMemoryLen
Recommended memory usage for sensitive use (1Gb).
public const int SensitiveMemoryLen = 1073741824
Field Value
Methods
DeriveKey(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)
Derives a secret key from a password and salt using Argon2.
public static void DeriveKey(SecureMemory<byte> key, SecureMemory<byte> password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)
Parameters
key
SecureMemory<byte>Buffer to receive the derived key (recommended: 32 bytes).
password
SecureMemory<byte>The password to hash.
salt
ReadOnlySpan<byte>The salt (must be 16 bytes).
iterations
intComputation cost (default: INTERACTIVE).
requiredMemoryLen
intMemory usage limit in bytes (default: INTERACTIVE).
algorithm
PasswordHashArgonAlgorithmHash algorithm to use (default: Argon2id13).
Exceptions
- ArgumentException
If arguments are invalid.
- LibSodiumException
If hashing fails.
DeriveKey(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)
Derives a secret key from a password and salt using Argon2.
public static void DeriveKey(Span<byte> key, ReadOnlySpan<byte> password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)
Parameters
key
Span<byte>Buffer to receive the derived key (recommended: 32 bytes).
password
ReadOnlySpan<byte>The password to hash.
salt
ReadOnlySpan<byte>The salt (must be 16 bytes).
iterations
intComputation cost (default: INTERACTIVE).
requiredMemoryLen
intMemory usage limit in bytes (default: INTERACTIVE).
algorithm
PasswordHashArgonAlgorithmHash algorithm to use (default: Argon2id13).
Exceptions
- ArgumentException
If arguments are invalid.
- LibSodiumException
If hashing fails.
DeriveKey(Span<byte>, string, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)
Derives a secret key from a password string and salt using Argon2.
public static void DeriveKey(Span<byte> key, string password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)
Parameters
key
Span<byte>Buffer to receive the derived key (recommended: 32 bytes).
password
stringThe password string to hash.
salt
ReadOnlySpan<byte>The salt (must be 16 bytes).
iterations
intComputation cost (default: INTERACTIVE).
requiredMemoryLen
intMemory usage limit in bytes (default: INTERACTIVE).
algorithm
PasswordHashArgonAlgorithmHash algorithm to use (default: Argon2id13).
Exceptions
- ArgumentNullException
If the password is null.
- LibSodiumException
If hashing fails.
HashPassword(SecureMemory<byte>, int, int)
Hashes a password into a human-readable string (including algorithm and parameters).
public static string HashPassword(SecureMemory<byte> password, int iterations = 2, int requiredMemoryLen = 67108864)
Parameters
password
SecureMemory<byte>The password to hash (in UTF-8).
iterations
intComputation cost (default: INTERACTIVE).
requiredMemoryLen
intMemory usage limit in bytes (default: INTERACTIVE).
Returns
- string
A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.
Exceptions
- ArgumentOutOfRangeException
If password is too short or parameters are invalid.
- LibSodiumException
If hashing fails.
HashPassword(ReadOnlySpan<byte>, int, int)
Hashes a password into a human-readable string (including algorithm and parameters).
public static string HashPassword(ReadOnlySpan<byte> password, int iterations = 2, int requiredMemoryLen = 67108864)
Parameters
password
ReadOnlySpan<byte>The password to hash (in UTF-8).
iterations
intComputation cost (default: INTERACTIVE).
requiredMemoryLen
intMemory usage limit in bytes (default: INTERACTIVE).
Returns
- string
A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.
Exceptions
- ArgumentOutOfRangeException
If password is too short or parameters are invalid.
- LibSodiumException
If hashing fails.
HashPassword(string, int, int)
Hashes a password string into a human-readable string (including algorithm and parameters).
public static string HashPassword(string password, int iterations = 2, int requiredMemoryLen = 67108864)
Parameters
password
stringThe password to hash (as string).
iterations
intComputation cost (default: INTERACTIVE).
requiredMemoryLen
intMemory usage limit in bytes (default: INTERACTIVE).
Returns
- string
A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.
Exceptions
- ArgumentNullException
If the password is null.
- ArgumentOutOfRangeException
If parameters are invalid.
- LibSodiumException
If hashing fails.
VerifyPassword(string, SecureMemory<byte>)
Verifies a password against a previously hashed string.
public static bool VerifyPassword(string hashedPassword, SecureMemory<byte> password)
Parameters
hashedPassword
stringThe encoded password hash string (must be ASCII and null-terminated).
password
SecureMemory<byte>The password to verify.
Returns
- bool
true
if the password is valid; otherwise,false
.
Exceptions
- ArgumentNullException
If
hashedPassword
is null.- ArgumentException
If
hashedPassword
is too long.
VerifyPassword(string, ReadOnlySpan<byte>)
Verifies a password against a previously hashed string.
public static bool VerifyPassword(string hashedPassword, ReadOnlySpan<byte> password)
Parameters
hashedPassword
stringThe encoded password hash string (must be ASCII and null-terminated).
password
ReadOnlySpan<byte>The password to verify.
Returns
- bool
true
if the password is valid; otherwise,false
.
Exceptions
- ArgumentNullException
If
hashedPassword
is null.- ArgumentException
If
hashedPassword
is too long.
VerifyPassword(string, string)
Verifies a password string against a previously hashed string.
public static bool VerifyPassword(string hashedPassword, string password)
Parameters
hashedPassword
stringThe encoded password hash string (must be ASCII and null-terminated).
password
stringThe password to verify (as string).
Returns
- bool
true
if the password is valid; otherwise,false
.
Exceptions
- ArgumentNullException
If
password
is null.