Argon2 delivers different Hash 4.1.1 vs. newest Release

Jurgen_Bucher · January 4, 2021, 8:46am

This is a realy critical problem:
Using a Version 4.1.1 and newest Version of Cryptography Pack i get different Hashes!
Code used:

fArgon2 := TArgon2KeyDerivation.Create(nil);
fArgon2.outputSizeBytes := 32;
fArgon2.counter := 10; // 10 Iterationen
fArgon2.memory := 16;
fArgon2.unicode := yesUni;
fArgon2.outputFormat := TConvertType.Base64;

var
key:string;
begin
fArgon2.StringSalt := TNetEncoding.Base64.Decode(aSalt);
key:=TNetEncoding.Base64.Encode(fArgon2.GenerateKey(aPWD));
result := (aHashedPWD = key);

Marion · January 11, 2021, 10:29am

Hi,
Do you use Unicode characters in your salt? In version 4.2.6.1, we fixed an issue about Unicode characters in TArgon2KeyDerivation.SetStringSalt method.
Best regards,
Marion

Jurgen_Bucher · January 12, 2021, 1:36pm

Hi Marion,

we use a standard delphi string to set the salt. Is there a posibility to get an overload or a deprecated method to use the old (buggy) variant?
BR
Jürgen

Marion · February 19, 2021, 10:31am

Hi Jürgen,
I will create a deprecated method to use the old variant. I will release a new version next week.
Best regards,
Marion

Jurgen_Bucher · February 19, 2021, 11:38am

Thanks! That will help as a LOT!

Marion · February 19, 2021, 4:09pm

Hi,
In the 4.3.1 version, I have added a new property named useDeprecatedSalt that you can set to true to use the last version of SetStringSalt.
Best regards,
Marion