You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to RFC 9106, the valid values for the parameters and the key length are:
$1 \leq t \leq 2^{32} - 1$ (number of passes, time)
$8p \leq m \leq 2^{32} - 1$ (memory size, memory)
$1 \leq p \leq 2^{24} - 1$ (degree of parallelism, threads)
$4 \leq T \leq 2^{32} - 1$ (tag length, keyLen)
No need to check maximum values of time, memory and keyLen, since these are math.MaxUint32. Also, since threads is uint8, there is no need to check the maximum value.
The minimum values of time and threads are already checked. However, the minimum values of memory and keyLen seem not to be checked. So, I would suggest checking for these minimum values and either panic or return an error if they are invalid.
Examples
import"golang.org/x/crypto/argon2"// `memory` is invalididKey:=argon2.IDKey([]byte("passphrase"), salt, 3, 24, 4, 4)
// `keyLen` is invalidkey:=argon2.Key([]byte("passphrase"), salt, 3, 32, 4, 3)
The text was updated successfully, but these errors were encountered:
Proposal Details
According to RFC 9106, the valid values for the parameters and the key length are:
time
)memory
)threads
)keyLen
)No need to check maximum values of
time
,memory
andkeyLen
, since these aremath.MaxUint32
. Also, sincethreads
isuint8
, there is no need to check the maximum value.The minimum values of
time
andthreads
are already checked. However, the minimum values ofmemory
andkeyLen
seem not to be checked. So, I would suggest checking for these minimum values and either panic or return an error if they are invalid.Examples
The text was updated successfully, but these errors were encountered: