This Crystal shard provides C bindings, and a simplified interface, to the Argon2 algorithm. Argon2 is the official winner of the Password Hashing Competition, a several year project to identify a successor to bcrypt/PBKDF/scrypt methods of securely storing passwords. This is an independent project and not official from the PHC team.
This project is mostly a clone of this awesome ruby project technion/ruby-argon2
dependencies: crystal-argon2: github: sushichain/crystal-argon2
This project has several key tenants to its design:
To generate a hash using specific time and memory cost:
hasher = Argon2::Password.new(t_cost: 2, m_cost: 16) hasher.create("password") => "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
To utilise default costs:
hasher = Argon2::Password.new hasher.create("password")
If you follow this pattern, it is important to create a new
Argon2::Password every time you generate a hash, in order to ensure a unique salt. See issue 23 for more information.
Alternatively, use this shotcut:
Argon2::Password.create("password") => "$argon2i$v=19$m=65536,t=2,p=1$61qkSyYNbUgf3kZH3GtHRw$4CQff9AZ0lWd7uF24RKMzqEiGpzhte1Hp8SO7X8bAew"
You can then use this function to verify a password against a given hash. Will return either
Argon2::Response::ARGON2_OK for success or raise and exception with then appropriate error code e.g.
cd ext && make
To generate the initial crystal bindings using this library:
maketo build the argon2 code
# export LLVM_CONFIG=/usr/local/opt/llvm/bin/llvm-config @[Include("../phc-winner-argon2/include/argon2.h")] @[Link("argon2")] lib LibArgon2 fun argon2i_hash_raw fun argon2i_hash_encoded fun argon2d_hash_raw fun argon2d_hash_encoded fun argon2id_hash_raw fun argon2id_hash_encoded fun argon2i_verify fun argon2d_verify fun argon2id_verify end
git checkout -b my-new-feature)
git commit -am 'Add some feature')
git push origin my-new-feature)