
I'm trying to perform a hash update with updated parameters using argon2. According to Argon spec v3 (2.2.3 Client-independent Update, p. 9) the client independent update is executed as follows:

$$ Tag_{new} = \Pi(Tag_{old},S,m_{new},R_{new},\tau_{new}) $$

I'm assuming $\Pi$ to be our hash fn Argon2i/Argon2d (as used in 2.4.4 Security of Argon2 to generic attacks, p. 15) and $R_{new}$ the parallelism param.

Now, using the online tool https://argon2.online/ , I performed the following attempt:

  • input asdf as plain text input
  • input salt11chars as salt
  • leave params as default (mode=argon2i, parallelism=1, $m=16$, $t=2$, $\tau=16$)
  • calculate hash
  • input calculated hash as plain text input
  • increase parallelism by 1
  • calculate hash
  • verify if asdf matches the hash

$\rightarrow$ verification fails

So why is that and what am I doing wrong here? Thanks in advance.

  • Client-independent updates with Argon2 are possible only for iteration, and you need to store the full output size (512-bit). If you look at the image at this answer, you will see why; or see page 6 for the initial hash and the first final hash. Commented Jun 14, 2022 at 10:37
  • See discussion here: Password hashing algorithms that can transform an existing hash to a different cost setting without knowledge of the password. Commented Jun 14, 2022 at 11:22
  • Thanks for your hints. Would it be possible for you to give me an example? And where do I have access to the full output, given the final tag is actually a composite hash according to the figure? Commented Jun 14, 2022 at 12:00
  • I don't think that Argon2 has a true client-independent update. Commented Jun 14, 2022 at 12:03
  • FYI: According to OWASP Best Practices for Password Storage, one should hash the old hashed password with a new hash, generated by a newer hashing algorithm. After the user enters the original password, one can hash it using only the newer hashing algorithm and store its hash. I assume this 2-step hashing has to be included for backwards compatibility, until all users have input their original passwords at least once and generated a hash with the newer hashing algorithm. Commented Jun 22, 2022 at 13:13
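
The layered upgrade described in the last comment, and the reason the final step in the question fails, as an added example that is not part of the original thread. Assumptions: `hashlib.scrypt` stands in for Argon2 (the Python standard library has no Argon2), the raw bytes of the old tag are what gets fed into the second hash, and the record layout, cost values and function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: hashlib.scrypt stands in for Argon2 (no Argon2 in the stdlib).
# OLD/NEW are constructed cost settings; the layering logic is KDF-agnostic.
OLD = {"n": 2**12, "r": 8, "p": 1}
NEW = {"n": 2**13, "r": 8, "p": 2}

def kdf(data: bytes, salt: bytes, params: dict) -> bytes:
    return hashlib.scrypt(data, salt=salt, dklen=32, **params)

def wrap_old_tag(record: dict) -> dict:
    """Upgrade without the password: hash the stored old tag with NEW."""
    return {"scheme": "wrapped", "salt": record["salt"],
            "tag": kdf(record["tag"], record["salt"], NEW)}

def verify(password: bytes, record: dict) -> bool:
    salt = record["salt"]
    if record["scheme"] == "old":
        candidate = kdf(password, salt, OLD)
    elif record["scheme"] == "wrapped":
        # Replay both layers in order: old parameters, then new ones.
        candidate = kdf(kdf(password, salt, OLD), salt, NEW)
    else:  # "new": password hashed directly with the new parameters
        candidate = kdf(password, salt, NEW)
    return hmac.compare_digest(candidate, record["tag"])

def rehash_on_login(password: bytes, record: dict) -> dict:
    """Once the user supplies the password, replace the two-layer record."""
    if record["scheme"] == "new" or not verify(password, record):
        return record
    salt = os.urandom(16)
    return {"scheme": "new", "salt": salt, "tag": kdf(password, salt, NEW)}

def demo() -> dict:
    salt = b"salt11chars"  # password and salt taken from the question
    old = {"scheme": "old", "salt": salt, "tag": kdf(b"asdf", salt, OLD)}
    wrapped = wrap_old_tag(old)
    # The question's last step: check the password as if the tag were direct.
    direct = verify(b"asdf", {**wrapped, "scheme": "new"})
    upgraded = rehash_on_login(b"asdf", wrapped)
    return {"direct": direct, "chained": verify(b"asdf", wrapped),
            "upgraded_scheme": upgraded["scheme"],
            "upgraded_ok": verify(b"asdf", upgraded)}
```

The stored record has to say which scheme produced the tag and keep the old parameters, otherwise the verifier cannot replay the first layer.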
