Learn R
argon2 (version 0.2-0)

hashing: Password Hashing

Description

Basic password hashing. Use pw_hash() to hash and pw_check() to compare a possible password with the hashed password.

Usage

pw_hash(pass, type = "i")
pw_check(hash, pass)

Arguments

pass

The (plaintext) password.

type

Choice of algorithm; choices are "i" and "d".

hash

The hashed password; this is the output of pw_hash().

Value

pw_hash() returns a hash to be used as an input to pw_check().

pw_check() returns TRUE or FALSE, whether or not the plaintext password matches its hash.

Details

For more hashing options, see the sodium and bcrypt.

This uses the argon2 (i or d variety) hash algorithm. See references for details and implementation source code (also bundled with this package).

Our binding uses a 512 bit salt with data generated from MT, a "time cost" (number of passes) of 16, "memory cost" of 8192 MiB, and 1 thread.

References

Biryukov, A., Dinu, D. and Khovratovich, D., 2015. Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing. IACR Cryptology ePrint Archive, 2015, p.430.

Reference implementation https://github.com/P-H-C/phc-winner-argon2

Examples

Run this code
# NOT RUN {
library(argon2)

pass <- "myPassw0rd!"
hash <- pw_hash(pass)
hash # store this

pw_check(hash, pass)
pw_check(hash, "password")
pw_check(hash, "1234")
# }
# NOT RUN {
# }

Run the code above in your browser using DataLab