Class CryptoPasswordHashArgon

Namespace: LibSodium

Assembly: LibSodium.Net.dll

Provides password hashing and key derivation using Argon2.

public static class CryptoPasswordHashArgon

Inheritance: object

CryptoPasswordHashArgon

Inherited Members: object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Remarks

Based on libsodium's crypto_pwhash API: https://doc.libsodium.org/password_hashing

Fields

EncodedLen

Maximum length of the encoded hash string (includes null terminator) (128).

public const int EncodedLen = 128

Field Value

int

InteractiveIterations

Recommended iterations for interactive use (2).

public const int InteractiveIterations = 2

Field Value

int

InteractiveMemoryLen

Recommended memory usage for interactive use (64Mb).

public const int InteractiveMemoryLen = 67108864

Field Value

int

MinIterations

Minimum number of iterations for key derivation (1).

public const int MinIterations = 1

Field Value

int

MinKeyLen

Minimum allowed length in bytes for the derived key (16).

public const int MinKeyLen = 16

Field Value

int

MinMemoryLen

Minimum memory usage in bytes (8k).

public const int MinMemoryLen = 8192

Field Value

int

MinPasswordLen

Minimum allowed password length in bytes (0).

public const int MinPasswordLen = 0

Field Value

int

ModerateIterations

Recommended iterations for moderate use (3).

public const int ModerateIterations = 3

Field Value

int

ModerateMemoryLen

Recommended memory usage for moderate use (256Mb).

public const int ModerateMemoryLen = 268435456

Field Value

int

Prefix

Prefix for the encoded hash string (e.g. "\(argon2id\)").

public const string Prefix = "$argon2id$"

Field Value

string

SaltLen

Length of the salt in bytes (16).

public const int SaltLen = 16

Field Value

int

SensitiveIterations

Recommended iterations for sensitive use (4).

public const int SensitiveIterations = 4

Field Value

int

SensitiveMemoryLen

Recommended memory usage for sensitive use (1Gb).

public const int SensitiveMemoryLen = 1073741824

Field Value

int

Methods

DeriveKey(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Derives a secret key from a password and salt using Argon2.

public static void DeriveKey(SecureMemory<byte> key, SecureMemory<byte> password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)

Parameters

key SecureMemory<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password SecureMemory<byte>: The password to hash.
salt ReadOnlySpan<byte>: The salt (must be 16 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).
algorithm PasswordHashArgonAlgorithm: Hash algorithm to use (default: Argon2id13).

Exceptions

ArgumentException: If arguments are invalid.
LibSodiumException: If hashing fails.

DeriveKey(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Derives a secret key from a password and salt using Argon2.

public static void DeriveKey(Span<byte> key, ReadOnlySpan<byte> password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)

Parameters

key Span<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password ReadOnlySpan<byte>: The password to hash.
salt ReadOnlySpan<byte>: The salt (must be 16 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).
algorithm PasswordHashArgonAlgorithm: Hash algorithm to use (default: Argon2id13).

Exceptions

ArgumentException: If arguments are invalid.
LibSodiumException: If hashing fails.

DeriveKey(Span<byte>, string, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Derives a secret key from a password string and salt using Argon2.

public static void DeriveKey(Span<byte> key, string password, ReadOnlySpan<byte> salt, int iterations = 2, int requiredMemoryLen = 67108864, PasswordHashArgonAlgorithm algorithm = PasswordHashArgonAlgorithm.Argon2id13)

Parameters

key Span<byte>: Buffer to receive the derived key (recommended: 32 bytes).
password string: The password string to hash.
salt ReadOnlySpan<byte>: The salt (must be 16 bytes).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).
algorithm PasswordHashArgonAlgorithm: Hash algorithm to use (default: Argon2id13).

Exceptions

ArgumentNullException: If the password is null.
LibSodiumException: If hashing fails.

HashPassword(SecureMemory<byte>, int, int)

Hashes a password into a human-readable string (including algorithm and parameters).

public static string HashPassword(SecureMemory<byte> password, int iterations = 2, int requiredMemoryLen = 67108864)

Parameters

password SecureMemory<byte>: The password to hash (in UTF-8).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Returns

string: A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentOutOfRangeException: If password is too short or parameters are invalid.
LibSodiumException: If hashing fails.

HashPassword(ReadOnlySpan<byte>, int, int)

Hashes a password into a human-readable string (including algorithm and parameters).

public static string HashPassword(ReadOnlySpan<byte> password, int iterations = 2, int requiredMemoryLen = 67108864)

Parameters

password ReadOnlySpan<byte>: The password to hash (in UTF-8).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Returns

string: A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentOutOfRangeException: If password is too short or parameters are invalid.
LibSodiumException: If hashing fails.

HashPassword(string, int, int)

Hashes a password string into a human-readable string (including algorithm and parameters).

public static string HashPassword(string password, int iterations = 2, int requiredMemoryLen = 67108864)

Parameters

password string: The password to hash (as string).
iterations int: Computation cost (default: INTERACTIVE).
requiredMemoryLen int: Memory usage limit in bytes (default: INTERACTIVE).

Returns

string: A string containing only ASCII characters, including the algorithm identifier, salt, and parameters.

Exceptions

ArgumentNullException: If the password is null.
ArgumentOutOfRangeException: If parameters are invalid.
LibSodiumException: If hashing fails.

VerifyPassword(string, SecureMemory<byte>)

Verifies a password against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, SecureMemory<byte> password)

Parameters

hashedPassword string: The encoded password hash string (must be ASCII and null-terminated).
password SecureMemory<byte>: The password to verify.

Returns

bool: true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException: If hashedPassword is null.
ArgumentException: If hashedPassword is too long.

VerifyPassword(string, ReadOnlySpan<byte>)

Verifies a password against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, ReadOnlySpan<byte> password)

Parameters

hashedPassword string: The encoded password hash string (must be ASCII and null-terminated).
password ReadOnlySpan<byte>: The password to verify.

Returns

bool: true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException: If hashedPassword is null.
ArgumentException: If hashedPassword is too long.

VerifyPassword(string, string)

Verifies a password string against a previously hashed string.

public static bool VerifyPassword(string hashedPassword, string password)

Parameters

hashedPassword string: The encoded password hash string (must be ASCII and null-terminated).
password string: The password to verify (as string).

Returns

bool: true if the password is valid; otherwise, false.

Exceptions

ArgumentNullException: If password is null.

Table of Contents

Class CryptoPasswordHashArgon

Remarks

Fields

EncodedLen

Field Value

InteractiveIterations

Field Value

InteractiveMemoryLen

Field Value

MinIterations

Field Value

MinKeyLen

Field Value

MinMemoryLen

Field Value

MinPasswordLen

Field Value

ModerateIterations

Field Value

ModerateMemoryLen

Field Value

Prefix

Field Value

SaltLen

Field Value

SensitiveIterations

Field Value

SensitiveMemoryLen

Field Value

Methods

DeriveKey(SecureMemory<byte>, SecureMemory<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Parameters

Exceptions

DeriveKey(Span<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Parameters

Exceptions

DeriveKey(Span<byte>, string, ReadOnlySpan<byte>, int, int, PasswordHashArgonAlgorithm)

Parameters

Exceptions

HashPassword(SecureMemory<byte>, int, int)

Parameters

Returns

Exceptions

HashPassword(ReadOnlySpan<byte>, int, int)

Parameters

Returns

Exceptions

HashPassword(string, int, int)

Parameters

Returns

Exceptions

VerifyPassword(string, SecureMemory<byte>)

Parameters

Returns

Exceptions

VerifyPassword(string, ReadOnlySpan<byte>)

Parameters

Returns

Exceptions

VerifyPassword(string, string)

Parameters

Returns

Exceptions