Short digest size for Argon2i

Issue #88 resolved
H Landau
created an issue

https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md says, for Argon2i:

The default output length is 32 bytes (43 characters).

Why does passlib use 16 bytes?

Comments (4)

  1. Eli Collins repo owner

    Passlib just tracks whatever defaults are selected by argon2_cffi's PasswordHasher, since it's closer to libargon2 upstream, and (presumably) has more up-to-date defaults; and they use 16 byte digests. My guess is that they were following section 9 of the argon2-spec which says an output length of "128 bits should be sufficient for all applications".

    But that default is definitely at odds with the spec page you cited, and the libargon2 cmdline tool, both of which use 32 bytes.

    Will stop tracking their default in the next release, and fix things at 32.

  2. Hynek Schlawack

    JFTR: https://github.com/P-H-C/phc-string-format/ is out of date: last commit comes from 11 Oct 2015 and it doesn’t reflect the current format at all (https://github.com/P-H-C/phc-string-format/issues/1). I’ll prod the maintainers to do something about it.

    The actual spec at https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf recommends 128 bits on page 17:

    128 bits is sufficient for most applications, including key derivation.

    Which is 16 bytes.

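Added example, not part of the issue thread and not passlib or argon2_cffi code: a standard-library check that reads the digest length out of an encoded Argon2 hash, so stored hashes can be audited for the 16-byte versus 32-byte default discussed above. The function names are hypothetical, the sample hashes are constructed from all-zero bytes, and the cost parameters in them are arbitrary.

```python
import base64
import re

# Encoded Argon2 hash layout:
#   $argon2<type>$v=<ver>$m=<KiB>,t=<iters>,p=<lanes>$<salt>$<digest>
# The v= field is treated as optional here. Salt and digest are base64
# without '=' padding, which is why 32 bytes shows up as 43 characters
# and 16 bytes as 22 characters.
_ARGON2_RE = re.compile(
    r"^\$(argon2(?:id|i|d))\$(?:v=(\d+)\$)?m=(\d+),t=(\d+),p=(\d+)"
    r"\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$"
)


def _b64_len(field):
    """Decoded byte length of an unpadded base64 field."""
    return len(base64.b64decode(field + "=" * (-len(field) % 4)))


def digest_info(encoded):
    """Return (variant, salt_bytes, digest_bytes) for an encoded hash."""
    m = _ARGON2_RE.match(encoded)
    if m is None:
        raise ValueError("not an Argon2 encoded hash")
    return m.group(1), _b64_len(m.group(6)), _b64_len(m.group(7))


def audit(hashes, expected_digest_bytes=32):
    """Return the hashes whose digest length differs from the expected one."""
    return [h for h in hashes if digest_info(h)[2] != expected_digest_bytes]


def make_sample(digest_len, salt_len=16):
    """Build a constructed (all-zero, non-secret) hash string for testing."""
    enc = lambda b: base64.b64encode(b).decode().rstrip("=")
    return ("$argon2i$v=19$m=65536,t=2,p=4$"
            + enc(bytes(salt_len)) + "$" + enc(bytes(digest_len)))


SAMPLE_16 = make_sample(16)  # constructed: 16-byte digest, 22 characters
SAMPLE_32 = make_sample(32)  # constructed: 32-byte digest, 43 characters

if __name__ == "__main__":
    for h in (SAMPLE_16, SAMPLE_32):
        print(digest_info(h), h)
    print("not 32 bytes:", audit([SAMPLE_16, SAMPLE_32]))
```

A digest length that differs from the expected value only shows which default produced the hash; both lengths verify normally because the length is carried in the encoded string itself.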