Skip to content

Add Argon2 password hashing (RFC 9106) #1334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Coralesoft wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add Argon2 password hashing (RFC 9106) #1334

Coralesoft wants to merge 3 commits into from

Conversation

@Coralesoft
Copy link

@Coralesoft Coralesoft commented Oct 25, 2025
edited
Loading

I've implemented Argon2 password hashing for Cryptopp.
( I was using the cryptopp library for a project and also needed Argon2)
This adds support for all three variants from RFC 9106: Argon2d, Argon2i, and Argon2id.

What's included:

  • Full implementation of Argon2 (version 0x13)
  • All three variants working and tested
  • OpenMP parallelization support
  • RFC 9106 test vectors included
  • Integration with the existing test suite

Testing:
I've verified all three variants against the RFC 9106 Known Answer Tests and they all pass.
The implementation follows the same patterns as Scrypt and other KDFs in the library.

Implementation notes:

  • Based on the reference implementation at https://github.com/P-H-C/phc-winner-argon2
  • Uses default parameters of t=3, m=64 MiB, p=4 (RFC 9106's second recommendation for memory-constrained environments)
  • Follows existing Crypto++ code style and conventions

Let me know if you'd like me to make any changes or if you have questions

Thanks
Colin

Resolves #399

@Coralesoft
Add Argon2 password hashing (RFC 9106)
b87e092 
  - Implement Argon2d, Argon2i, and Argon2id variants
  - Add RFC 9106 test vectors
  - Integrate with existing test suite
  - Support OpenMP parallelization
  - All variants verified against RFC 9106 Known Answer Tests
@Coralesoft
Add BLAKE3 cryptographic hash function
3566f7b 
- Implement BLAKE3 hash with 32-byte default output
- Support keyed hashing (MAC mode) and key derivation (KDF mode)
- Add variable-length output (XOF) support
- Implement tree hashing with Merkle structure for parallelization
- Add official test vectors from BLAKE3 team reference implementation
- Integrate with existing test suite (test.cpp case 88)
- All test vectors verified against official BLAKE3 specification
@Coralesoft
Fix timing attack in PKCS1v15 padding validation
0923d82 
Replaces variable-time separator search with constant-time implementation to mitigate Marvin Attack (CVE-2022-4304). Uses bitwise operations to avoid data-dependent timing leaks.

Fixes three timing vulnerabilities:
  - Variable-time while loop
  - Early return on invalid padding
  - Variable-length memcpy operation

Fixes weidai11#1247
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Argon2 support

1 participant

@Coralesoft