Argon2id class abstract
Argon2id (RFC 9106) memory-hard password hashing function.
Argon2 is known for winning the Password Hashing Competition in 2015. The OWASP Password Storage Cheat Sheet describes it as the first choice for password hashing.
The default implementation is DartArgon2id, our pure Dart implementation.
Things to know
- You need to choose:
  - memory
    - Number of 1kB blocks of memory needed to compute the hash.
    - Higher is better for security. You should experiment to find what works for your system. We recommend starting from 1000 (= 1 MB) and going as high as you can.
  - parallelism
    - Maximum number of parallel computations.
    - You should choose a small number such as 1 or 4.
  - iterations
    - Number of iterations. Higher is better for security, but usually you should use the value 1 because it makes more sense (from a security point of view) to raise the memory parameter instead.
  - hashLength
    - The value should be at least 16 bytes. More than 32 bytes is unnecessary from a security point of view.
- OWASP suggests the following parameter values:
  - memory = 19 MiB of memory
  - parallelism = 1
  - iterations = 2
Example
    import 'package:cryptography/cryptography.dart';

    Future<void> main() async {
      final algorithm = Argon2id(
        parallelism: 4,
        memory: 10000, // 10 000 x 1kB block = 10 MB
        iterations: 3,
        hashLength: 32,
      );

      final newSecretKey = await algorithm.deriveKey(
        secretKey: SecretKey([1, 2, 3]),
        nonce: [4, 5, 6],
      );
      final newSecretKeyBytes = await newSecretKey.extractBytes();
      print('hashed password: $newSecretKeyBytes');
    }
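A password store-and-verify flow using the OWASP values listed above, as an added example that is not part of the package's own documentation. `PasswordRecord`, `createRecord` and `verify` are hypothetical names, and the memory value assumes blocks of 1 KiB (19 MiB = 19 * 1024 blocks).

```dart
import 'dart:convert';
import 'dart:math';

import 'package:cryptography/cryptography.dart';

// OWASP values quoted above: 19 MiB of memory, parallelism 1, iterations 2.
// Assumption: one memory block is 1 KiB, so 19 MiB = 19 * 1024 blocks.
final argon2id = Argon2id(
  memory: 19 * 1024,
  parallelism: 1,
  iterations: 2,
  hashLength: 32,
);

/// Hypothetical stored record: base64 salt and hash, one per user.
class PasswordRecord {
  PasswordRecord(this.salt, this.hash);
  final String salt, hash;
}

Future<List<int>> _hash(String password, List<int> salt) async {
  final key = await argon2id.deriveKeyFromPassword(password: password, nonce: salt);
  return key.extractBytes();
}

Future<PasswordRecord> createRecord(String password) async {
  // Fresh 16-byte salt from the platform CSPRNG for every password.
  final rng = Random.secure();
  final salt = List<int>.generate(16, (_) => rng.nextInt(256));
  return PasswordRecord(base64Encode(salt), base64Encode(await _hash(password, salt)));
}

Future<bool> verify(String password, PasswordRecord record) async {
  final expected = base64Decode(record.hash);
  final actual = await _hash(password, base64Decode(record.salt));
  // No early exit: every byte is compared, so timing does not reveal the first mismatch.
  var diff = expected.length ^ actual.length;
  for (var i = 0; i < expected.length && i < actual.length; i++) {
    diff |= expected[i] ^ actual[i];
  }
  return diff == 0;
}

Future<void> main() async {
  final record = await createRecord('correct horse battery staple'); // constructed sample
  print(await verify('correct horse battery staple', record));
  print(await verify('wrong guess', record));
}
```

If the parameters may change later, store them alongside the salt and hash so that old records can still be verified and then re-hashed with the new settings.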
In need of synchronous APIs?
If you need to perform operations synchronously, use DartArgon2id in package:cryptography/dart.dart.
- Inheritance
  - Object
  - KdfAlgorithm
  - Argon2id
- Implementers
Constructors
Properties
- hashCode → int
  The hash code for this object.
  no setter, override
- hashLength → int
  Hash length.
  no setter
- iterations → int
  Number of iterations.
  no setter
- memory → int
  Minimum number of 1 kB blocks needed to compute the hash.
  no setter
- parallelism → int
  Maximum number of processors attacker can use concurrently for each attempt.
  no setter
- runtimeType → Type
  A representation of the runtime type of the object.
  no setter, inherited
- version → int
  Argon2id algorithm version number.
  no setter
Methods
- deriveKey({required SecretKey secretKey, required List<int> nonce, List<int> optionalSecret = const <int>[], List<int> associatedData = const <int>[]}) → Future<SecretKey>
  Calculates output of Argon2id algorithm.
  override
- deriveKeyFromPassword({required String password, required List<int> nonce}) → Future<SecretKey>
  Generates a new secret key from a password and a nonce.
  inherited
- noSuchMethod(Invocation invocation) → dynamic
  Invoked when a nonexistent method or property is accessed.
  inherited
- toString() → String
  A string representation of this object.
  override
Operators
- operator ==(Object other) → bool
  The equality operator.
  override