def setUp(self):
self.password = bytes([
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
])
self.hasher = Hasher(
additional_data=bytes([
4, 4, 4, 4, 4, 4, 4, 4,
4, 4, 4, 4
]),
salt=bytes([
2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2
]),
secret_key=bytes([
3, 3, 3, 3, 3, 3, 3, 3
]),
hash_len=32,
iterations=3,
lanes=4,
memory_size=32,
threads=4,
)
def test_hash4(self):
hasher = Hasher(secret_key="secret", additional_data="data")
encoded = hasher.hash(password=self.password)
verifier = Verifier(secret_key=None)
is_valid = verifier.verify(password=self.password, hash=encoded)
self.assertFalse(is_valid)
verifier = Verifier(secret_key=None, additional_data="data")
is_valid = verifier.verify(password=self.password, hash=encoded)
self.assertFalse(is_valid)
verifier = Verifier(secret_key="secret")
is_valid = verifier.verify(password=self.password, hash=encoded)
self.assertFalse(is_valid)
verifier = Verifier(secret_key="secret", additional_data="data")
is_valid = verifier.verify(password=self.password, hash=encoded)
self.assertTrue(is_valid)
from argonautica import Hasher hasher = Hasher(secret_key='somesecret', hash_len=16) hash = hasher.hash(password='******') print(hash)
class TestHash2(unittest.TestCase):
def setUp(self):
self.password = bytes([
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1,
])
self.hasher = Hasher(
additional_data=bytes([
4, 4, 4, 4, 4, 4, 4, 4,
4, 4, 4, 4
]),
salt=bytes([
2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2
]),
secret_key=bytes([
3, 3, 3, 3, 3, 3, 3, 3
]),
hash_len=32,
iterations=3,
lanes=4,
memory_size=32,
threads=4,
)
def test_hash_0x10_2d(self):
self.hasher.variant = Variant.Argon2d
self.hasher.version = Version._0x10
encoded = self.hasher.hash(password=self.password)
decoded = decode(encoded)
obtained = decoded.raw_hash_bytes
expected = bytes([
0x96, 0xa9, 0xd4, 0xe5, 0xa1, 0x73, 0x40, 0x92, 0xc8, 0x5e, 0x29, 0xf4, 0x10, 0xa4,
0x59, 0x14, 0xa5, 0xdd, 0x1f, 0x5c, 0xbf, 0x08, 0xb2, 0x67, 0x0d, 0xa6, 0x8a, 0x02,
0x85, 0xab, 0xf3, 0x2b,
])
self.assertEqual(expected, obtained)
def test_hash_0x10_2i(self):
self.hasher.variant = Variant.Argon2i
self.hasher.version = Version._0x10
encoded = self.hasher.hash(password=self.password)
decoded = decode(encoded)
obtained = decoded.raw_hash_bytes
expected = bytes([
0x87, 0xae, 0xed, 0xd6, 0x51, 0x7a, 0xb8, 0x30, 0xcd, 0x97, 0x65, 0xcd, 0x82, 0x31,
0xab, 0xb2, 0xe6, 0x47, 0xa5, 0xde, 0xe0, 0x8f, 0x7c, 0x05, 0xe0, 0x2f, 0xcb, 0x76,
0x33, 0x35, 0xd0, 0xfd,
])
self.assertEqual(expected, obtained)
def test_hash_0x10_2id(self):
self.hasher.variant = Variant.Argon2id
self.hasher.version = Version._0x10
encoded = self.hasher.hash(password=self.password)
decoded = decode(encoded)
obtained = decoded.raw_hash_bytes
expected = bytes([
0xb6, 0x46, 0x15, 0xf0, 0x77, 0x89, 0xb6, 0x6b, 0x64, 0x5b, 0x67, 0xee, 0x9e, 0xd3,
0xb3, 0x77, 0xae, 0x35, 0x0b, 0x6b, 0xfc, 0xbb, 0x0f, 0xc9, 0x51, 0x41, 0xea, 0x8f,
0x32, 0x26, 0x13, 0xc0,
])
self.assertEqual(expected, obtained)
def test_hash_0x13_2d(self):
self.hasher.variant = Variant.Argon2d
self.hasher.version = Version._0x13
encoded = self.hasher.hash(password=self.password)
decoded = decode(encoded)
obtained = decoded.raw_hash_bytes
expected = bytes([
0x51, 0x2b, 0x39, 0x1b, 0x6f, 0x11, 0x62, 0x97, 0x53, 0x71, 0xd3, 0x09, 0x19, 0x73,
0x42, 0x94, 0xf8, 0x68, 0xe3, 0xbe, 0x39, 0x84, 0xf3, 0xc1, 0xa1, 0x3a, 0x4d, 0xb9,
0xfa, 0xbe, 0x4a, 0xcb,
])
self.assertEqual(expected, obtained)
def test_hash_0x13_2i(self):
self.hasher.variant = Variant.Argon2i
self.hasher.version = Version._0x13
encoded = self.hasher.hash(password=self.password)
decoded = decode(encoded)
obtained = decoded.raw_hash_bytes
expected = bytes([
0xc8, 0x14, 0xd9, 0xd1, 0xdc, 0x7f, 0x37, 0xaa, 0x13, 0xf0, 0xd7, 0x7f, 0x24, 0x94,
0xbd, 0xa1, 0xc8, 0xde, 0x6b, 0x01, 0x6d, 0xd3, 0x88, 0xd2, 0x99, 0x52, 0xa4, 0xc4,
0x67, 0x2b, 0x6c, 0xe8,
])
self.assertEqual(expected, obtained)
def test_hash_0x13_2id(self):
self.hasher.variant = Variant.Argon2id
self.hasher.version = Version._0x13
encoded = self.hasher.hash(password=self.password)
decoded = decode(encoded)
obtained = decoded.raw_hash_bytes
expected = bytes([
0x0d, 0x64, 0x0d, 0xf5, 0x8d, 0x78, 0x76, 0x6c, 0x08, 0xc0, 0x37, 0xa3, 0x4a, 0x8b,
0x53, 0xc9, 0xd0, 0x1e, 0xf0, 0x45, 0x2d, 0x75, 0xb6, 0x5e, 0xb5, 0x25, 0x20, 0xe9,
0x6b, 0x01, 0xe6, 0x59,
])
self.assertEqual(expected, obtained)
from argonautica import Hasher
from argonautica.data import RandomSalt
hasher = Hasher(
salt=RandomSalt(16),
# 👆 Here we're using a RandomSalt of length of 16 bytes
# instead of the default, which is a RandomSalt of length 32 bytes
secret_key="somesecret")
hash = hasher.hash(password='******')
print(hash)
from argonautica import Hasher, Verifier
from argonautica.config import Backend, Variant, Version
# This does the same thing as the configuration2.py example. Instead of
# configuring a Hasher and a Verifier by passing keywork arguments to their
# constructors, however, this example pushes the configuration down to the
# hash method and the verify method, which is also possible.
#
# The only difference is that configuration options passed to the hash method
# of a Hasher or the verify method of a Verifier will will not persist on the
# Hasher / Verifier instances (i.e. they are not stored like in the case of
# passing them as keyword arguments to the constructor or assigning them as
# properties of the instance)...
hasher = Hasher(secret_key=None)
hash = hasher.hash(password='******',
additional_data=None,
backend=Backend.C,
hash_len=32,
iterations=192,
lanes=2,
memory_size=4096,
threads=2,
salt='somesalt',
variant=Variant.Argon2id,
version=Version._0x13)
assert (
hash ==
'$argon2id$v=19$m=4096,t=192,p=2$c29tZXNhbHQ$8nD3gRm+NeOcIiIrlnzDAdnK4iD+K0mVqFXowGs13M4'
)
def test_overflow(self):
hasher = Hasher(secret_key=None, hash_len=0x1000000000)
try:
encoded = hasher.hash(password=self.password)
except OverflowError:
pass
from argonautica import Hasher, Verifier from argonautica.config import Backend, Variant, Version hasher = Hasher(secret_key=None) # 👆 A secret key (passed as a keyword argument) is required to instantiate a # Hasher, a Verifier, or an Argon2, but you are allowed to pass `None` # in order to forgo using a secret key (this is not recommended) hasher.additional_data = None # Default is None # 👆 Although rarely used, argon2 allows you to hash a password # with not only salt and a secret key, but also with "additional data", # which acts as a kind of secondary secret key. Like a secret key, it affects # the outcome of the hash and is not stored in the string-encoded output, meaning # later, to verify against a hash created with additional data, you will need to # supply the same additional data manually to the Verifier (just like you have to # do with a secret key). Again, this is rarely used. hasher.backend = Backend.C # Default is Backend.C # 👆 argonautica was designed to support multiple backends (meaning multiple # implementations of the underlying argon2 algorithm). Currently only the # C backend is supported, which uses the cannonical argon2 library written # in C to actually do the work. In the future a Rust backend will also be # supported, but, for the moment, you must use Backend.C, which is the # default. Using Backend.Rust will result in an error (again, for the # moment). hasher.hash_len = 32 # Default is 32 # 👆 The hash length in bytes is configurable. The default is 32. # This is probably a good number to use. 16 is also probably fine. # You probably shouldn't go below 16
def argonautica():
hasher = Hasher(secret_key=None, variant=Variant.Argon2i)
hasher.hash(password="******")