Argon2id class abstract

Argon2id (RFC 9106) memory-hard password hashing function.

Argon2 is known for winning Password Hashing Competition 2015. OWASP Password Storage Cheat Sheet describes it as first choice for password hashing.

The default implementation is DartArgon2id, our pure Dart implementation.

Things to know

  • You need to choose:
    • memory
      • Number of 1kB blocks of memory needed to compute the hash.
      • Higher is better for security. You should experiment what is good for your system. We recommend to start from 1000 (= 1 MB) and go as high as you can.
    • parallelism
      • Maximum number of parallel computations.
      • You should choose a small number such as 1 or 4.
    • iterations
      • Number of iterations. Higher is better for security, but usually you should use value 1 because it makes more sense (from security point of view) to raise memory parameter instead.
    • hashLength
      • The value should be at least 16 bytes. More than 32 bytes is unnecessary from security point of view.
  • OWASP suggests the following parameter values:
    • memory = 19 MiB of memory
    • parallelism = 1
    • iterations = 2

Example

import 'package:cryptography/cryptography.dart';

Future<void> main() async {
  final algorithm = Argon2id(
    parallelism: 4,
    memory: 10000, // 10 000 x 1kB block = 10 MB
    iterations: 3,
    hashLength: 32,
  );

  final newSecretKey = await algorithm.deriveKey(
    secretKey: SecretKey([1,2,3]),
    nonce: [4,5,6],
  );
  final newSecretKeyBytes = await newSecretKey.extractBytes();

  print('hashed password: $newSecretKeyBytes');
}

In need of synchronous APIs?

If you need to perform operations synchronously, use DartArgon2id in package:cryptography/dart.dart.

Inheritance
Implementers

Constructors

Argon2id({required int parallelism, required int memory, required int iterations, required int hashLength})
factory
Argon2id.constructor()
Constructor subclasses.
const

Properties

hashCode int
The hash code for this object.
no setteroverride
hashLength int
Hash length.
no setter
iterations int
Number of iterations.
no setter
memory int
Minimum number of 1 kB blocks needed to compute the hash.
no setter
parallelism int
Maximum number of processors attacker can use concurrently for each attempt.
no setter
runtimeType Type
A representation of the runtime type of the object.
no setterinherited
version int
Argon2id algorithm version number.
no setter

Methods

deriveKey({required SecretKey secretKey, required List<int> nonce, List<int> optionalSecret = const <int>[], List<int> associatedData = const <int>[]}) Future<SecretKey>
Calculates output of Argon2id algorithm.
override
deriveKeyFromPassword({required String password, required List<int> nonce}) Future<SecretKey>
Generates a new secret key from a password and a nonce.
inherited
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
toString() String
A string representation of this object.
override

Operators

operator ==(Object other) bool
The equality operator.
override