Comments (6)
intrida-dev
commented on August 17, 2024
1
Thanks, @ranisalt.
We have been debugging this for 2 days and we didn't pay attention toward this small typo. Anyway thanks again for helping us out. :-)
from node-argon2.
ranisalt
commented on August 17, 2024
What library are you using to hash in .NET? Ideally, the generated hash already contains the salt and is in base64 so you shouldn't need this step. If you are using Konscious.Security.Cryptography with the recommended usage, just plug the generated hash to the verify function of node-argon2 and it will return either true or false.
from node-argon2.
intrida-dev
commented on August 17, 2024
We are using 'Konscious.Security.Cryptography.Argon2'. Now we are able to verify the password(hashed in .Net) in node.js using node-argon2. Not problem is other way. When we hash from node.js and try to verify in .Net, it doesn't work.
from node-argon2.
ranisalt
commented on August 17, 2024
I found kmaragon/Konscious.Security.Cryptography#21 and it seems the author did not include a verify function that you can use. The reason seems incorrect: it is not more or less secure to include the parameters in the hash, and it is not useful to distribute the parameters to trusted parties.
We use the PHC string format as recommended, which means encoded hashes have the following format:
$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHRzYWx0c2FsdA$rBWULD5jOGpQy32rLvGcmvQMVqIVNAmrCtekWvUA8bw
That is
$<function>$<params>$<salt, base64 encoded>$<hash, base64 encoded>
So what you can do from your side is split on the $ character to get the parts of the encoded hash, pass it to the Hash function from Konscious.Security.Cryptography.Argon2 and then compare the resulting hash, since the same parameters result in the same hash always.
Let me know if you need more help. I also suggest opening an issue upstream at kmaragon/Konscious.Security.Cryptography to request a verify function to be implemented, as it improves developer experience.
from node-argon2.
intrida-dev
commented on August 17, 2024
Thanks for your reply, @ranisalt.
It seems like 'same parameters result in the same has always' is true for that language. I can see that .Net generates different hash than node.js with same parameters.
I am attaching the node.js and .Net sample applications showing the same. Please have a look at them.
Also see the below output screenshots:
.Net:
Node.js:
from node-argon2.
ranisalt
commented on August 17, 2024
You likely have a typo in your code. I can see that in Node you are using 64536 for memory cost instead of 65536 like you do on .NET
from node-argon2.
Related Issues (20)
- Module not found: Can't resolve 'child_process' HOT 1
- Install fails on macOS 13 with Node 18 HOT 2
- How to use secret? HOT 3
- Vulnerable downstream dependency HOT 6
- Cannot build anymore from yesterday: Cannot find module './**/*' HOT 8
- How to cache the Argon2 binary for CI? HOT 1
- Bun support HOT 1
- how to install with local argon2.node HOT 1
- v0.40.0-alpha.2 raises ts errors HOT 2
- node18.14.0 node-gyp10.0.1 Error message reported during installation of argon2 HOT 2
- How to hash without salt? HOT 2
- Feat request: synchronous version HOT 5
- Crash with docker HOT 2
- `defaults` is no longer exported in v0.40.0 HOT 2
- Mismatching version numbers on github releases and npm (0.40.0 vs 0.40.1) HOT 2
- node-gyp-build error HOT 4
- Doesn't work in the node:20-alpine image docker HOT 24
- Type regression between v0.31.2 and v0.40.1 HOT 5
- ReferenceError: require is not defined HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-argon2.