Comeonin : where is the salt stored?

My question may be more about cryptography than about the Comeonin library. Consider the following code :

hashed1 = Comeonin.Argon2.hashpwsalt("my_passwd") 
hashed2 = Comeonin.Argon2.hashpwsalt("my_passwd") 
Comeonin.Argon2.checkpw("my_passwd", hashed1)
Comeonin.Argon2.checkpw("my_passwd", hashed2)

According to the documentation, The function call Comeonin.Argon2.hashpwsalt hash the password using ’ argon2’ algorithm, with a randomly generated salt. Indeed, some salt must be used, as hashed1 and hashed2 differ after executing the above code. Still according to the documentation, the function call Comeonin.Argon2.checkpw() check if the password matches the hash.

In the above code, both checkpw function calls return true. So somehow it must be that the randomly generated salt is stored somewhere, but where ? and how ? I could not fin any information about that in the documentation. Another possibility is that somehow, through a genius cryptographic idea that I do not understand, the salt is not needed to check if a password matches the hash. But I could not find any information about such techniques on the web.

My question is : which is it ? if ‘stored’, is there a possibility to retrieve the randomly generated salt (in order to store it along user in the database) ? if ‘genius cryptographic idea’, then very well…

1 Like

The salt is stored with the password. The output of the Argon2 command will return both the salt and the password in the same string.

EDIT: I made an example run of the Argon2 command:

iex(1)> Comeonin.Argon2.hashpwsalt("foo")

The salt here is the second to last part delimited by the $ characters, in this case Y8ltIarw1OMPh9dYzhVdKg. The final part is the hashed password, at the start is the algorithm name and some parameters so that the next time it is run with the same values. See here for a full description of the output format of Argon2.


How didn’t I thought of that…
Thank you for the information :slight_smile:

The answer given by @Nicd is correct. This is just a little more information about the format of the argon2 hash.

In the hash you showed, each part is separated by a ‘$’ sign:

  • part 1 is the hash identifier and argon2 type - in this case, the 2i variant of argon2
  • part 2 is the version number - version 19
  • part 3 shows the options - amount of memory, number of passes and number of parallel lanes
  • part 4 is the base64-encoded random salt
  • part 5 is the base64-encoded hash

Bcrypt and Pbkdf2 are formatted in a similar way.