My question may be more about cryptography than about the Comeonin library. Consider the following code:
```elixir
hashed1 = Comeonin.Argon2.hashpwsalt("my_passwd")
hashed2 = Comeonin.Argon2.hashpwsalt("my_passwd")
Comeonin.Argon2.checkpw("my_passwd", hashed1)
Comeonin.Argon2.checkpw("my_passwd", hashed2)
```
According to the documentation, the function call `Comeonin.Argon2.hashpwsalt` hashes the password using the ‘argon2’ algorithm, with a randomly generated salt. Indeed, some salt must be used, as `hashed1` and `hashed2` differ after executing the above code. Still according to the documentation, the function call `Comeonin.Argon2.checkpw()` checks if the password matches the hash.
In the above code, both `checkpw` function calls return `true`. So somehow it must be that the randomly generated salt is stored somewhere, but where? And how? I could not find any information about that in the documentation. Another possibility is that somehow, through a genius cryptographic idea that I do not understand, the salt is not needed to check if a password matches the hash. But I could not find any information about such techniques on the web.
My question is: which is it? If ‘stored’, is there a possibility to retrieve the randomly generated salt (in order to store it along with the user in the database)? If ‘genius cryptographic idea’, then very well…
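An added illustration (not part of the original post, and not Comeonin's code) of how a random salt can travel inside the hash string itself; Argon2's standard encoded form, `$argon2i$v=19$m=…,t=…,p=…$<salt>$<hash>`, carries the salt the same way, as its second-to-last `$`-separated field. The `SaltDemo` module and its `pbkdf2-sha256` string layout are hypothetical, and PBKDF2 from Erlang's `:crypto` (OTP 24.2 or later) stands in for Argon2 so the example runs without dependencies.

```elixir
# Added example, not Comeonin's code. PBKDF2 from Erlang's :crypto
# (OTP 24.2+) stands in for Argon2; SaltDemo and its format are hypothetical.
defmodule SaltDemo do
  @iterations 100_000

  # Draw a fresh random salt, then return ONE string that carries the
  # algorithm name, cost, salt and digest, separated by "$".
  def hashpwsalt(password) do
    salt = :crypto.strong_rand_bytes(16)
    digest = derive(password, salt, @iterations)
    Enum.join(["", "pbkdf2-sha256", @iterations, b64(salt), b64(digest)], "$")
  end

  # Read cost and salt back out of the stored string, recompute, compare.
  def checkpw(password, stored) do
    case parse(stored) do
      {:ok, %{iterations: n, salt: salt, digest: expected}} ->
        secure_equal?(derive(password, salt, n), expected)
      :error ->
        false
    end
  end

  # Split the stored string into its fields; malformed input is rejected.
  def parse(stored) do
    with ["", "pbkdf2-sha256", n, salt64, digest64] <- String.split(stored, "$"),
         {iterations, ""} when iterations in 1..10_000_000 <- Integer.parse(n),
         {:ok, salt} <- Base.decode64(salt64, padding: false),
         {:ok, digest} <- Base.decode64(digest64, padding: false) do
      {:ok, %{iterations: iterations, salt: salt, digest: digest}}
    else
      _ -> :error
    end
  end

  defp derive(password, salt, n), do: :crypto.pbkdf2_hmac(:sha256, password, salt, n, 32)
  defp b64(bin), do: Base.encode64(bin, padding: false)

  # Compare without an early exit on the first differing byte.
  defp secure_equal?(a, b) when byte_size(a) == byte_size(b) do
    Enum.sum(:binary.bin_to_list(:crypto.exor(a, b))) == 0
  end
  defp secure_equal?(_, _), do: false
end

h1 = SaltDemo.hashpwsalt("my_passwd")
h2 = SaltDemo.hashpwsalt("my_passwd")
IO.inspect(h1 != h2, label: "same password, different strings")
IO.inspect(SaltDemo.checkpw("my_passwd", h1) and SaltDemo.checkpw("my_passwd", h2), label: "both verify")
IO.inspect(SaltDemo.checkpw("wrong", h1), label: "wrong password verifies")
```

Because the salt and cost parameters are read back from the stored string, only that one string needs to be kept in the database; a salt is not a secret, so storing it next to the digest does not weaken the hash.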