NAME
Crypt::Argon2 - Perl interface to the Argon2 key derivation functions
VERSION
version 0.024
SYNOPSIS
use Crypt::Argon2 qw/argon2id_pass argon2_verify/;
sub add_pass {
my ($user, $password) = @_;
my $salt = get_random(16);
my $encoded = argon2id_pass($password, $salt, 3, '32M', 1, 16);
store_password($user, $encoded);
}
sub check_password {
my ($user, $password) = @_;
my $encoded = fetch_encoded($user);
return argon2_verify($encoded, $password);
}
DESCRIPTION
This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as well as output size.
To find appropriate parameters, the bundled program argon2-calibrate
can be used.
FUNCTIONS
argon2_pass($type, $password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
This function processes the $password
with the given $salt
and parameters. It encodes the resulting tag and the parameters as a password string (e.g. $argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA
).
$type
The argon2 type that is used. This must be one of
'argon2id'
,'argon2i'
or'argon2d'
.$password
This is the password that is to be turned into a cryptographic key.
$salt
This is the salt that is used. It must be long enough to be unique.
$t_cost
This is the time-cost factor, typically a small integer that can be derived as explained above.
$m_factor
This is the memory costs factor. This must be given as a integer followed by an order of magnitude (
k
,M
orG
for kilobytes, megabytes or gigabytes respectively), e.g.'64M'
.$parallelism
This is the number of threads that are used in computing it.
$tag_size
This is the size of the raw result in bytes. Typical values are 16 or 32.
argon2_verify($encoded, $password)
This verifies that the $password
matches $encoded
. All parameters and the tag value are extracted from $encoded
, so no further arguments are necessary.
argon2_raw($type, $password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
This function processes the $password
with the given $salt
and parameters much like argon2_pass
, but returns the binary tag instead of a formatted string.
argon2id_pass($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
argon2i_pass($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
argon2d_pass($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
This function processes the $password
much like argon2_pass
does, but the $type
argument is set like the function name.
argon2id_verify($encoded, $password)
argon2i_verify($encoded, $password)
argon2d_verify($encoded, $password)
This verifies that the $password
matches $encoded
and the given type. All parameters and the tag value are extracted from $encoded
, so no further arguments are necessary.
argon2id_raw($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
argon2i_raw($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
argon2d_raw($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size)
This function processes the $password
much like argon2_raw
does, but the $type
argument is set like the function name.
argon2_needs_rehash($encoded, $type, $t_cost, $m_cost, $parallelism, $output_length, $salt_length)
This function checks if a password-encoded string needs a rehash. It will return true if the $type
(valid values are argon2i
, argon2id
or argon2d
), $t_cost
, $m_cost
, $parallelism
, $output_length
or $salt_length
arguments mismatches any of the parameters of the password-encoded hash.
argon2_types
This returns all supported argon2 subtypes. Currently that's 'argon2id'
, 'argon2i'
and 'argon2d'
.
ACKNOWLEDGEMENTS
This module is based on the reference implementation as can be found at https://github.com/P-H-C/phc-winner-argon2.
SEE ALSO
You will also need a good source of randomness to generate good salts. Some possible solutions include:
-
Its RAND_bytes function is OpenSSL's pseudo-randomness source.
-
A minimalistic abstraction around OS-provided non-blocking (pseudo-)randomness.
/dev/random
//dev/urandom
A Linux/BSD specific pseudo-file that will allow you to read random bytes.
Implementations of other similar algorithms include:
-
An implementation of bcrypt, a battle-tested algorithm that tries to be CPU but not particularly memory intensive.
-
An implementation of scrypt, a older scheme that also tries to be memory hard.
AUTHOR
Leon Timmermans <leont@cpan.org>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2013 by Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans.
This is free software, licensed under:
The Apache License, Version 2.0, January 2004