My question may be more about cryptography than about the Comeonin library. Consider the following code:

```elixir
hashed1 = Comeonin.Argon2.hashpwsalt("my_passwd")
hashed2 = Comeonin.Argon2.hashpwsalt("my_passwd")
Comeonin.Argon2.checkpw("my_passwd", hashed1)
Comeonin.Argon2.checkpw("my_passwd", hashed2)
```
According to the documentation, the function call `Comeonin.Argon2.hashpwsalt` hashes the password using the 'argon2' algorithm, with a randomly generated salt. Indeed, some salt must be used, as `hashed1` and `hashed2` differ after executing the above code. Still according to the documentation, the function call `Comeonin.Argon2.checkpw()` checks if the password matches the hash.

In the above code, both `checkpw` function calls return `true`. So somehow it must be that the randomly generated salt is stored somewhere, but where? And how? I could not find any information about that in the documentation. Another possibility is that somehow, through a genius cryptographic idea that I do not understand, the salt is not needed to check if a password matches the hash. But I could not find any information about such techniques on the web.
My question is: which is it? If 'stored', is there a possibility to retrieve the randomly generated salt (in order to store it along with the user in the database)? If 'genius cryptographic idea', then very well…
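
Both `checkpw` calls above can succeed only if each hash string carries its own salt. As an added example (not part of the original post, and not Comeonin's own code), this parser splits a standard Argon2 encoded string into its fields. It assumes `hashpwsalt` returns that encoded form (`$argon2i$v=19$m=...,t=...,p=...$salt$hash`); the module name `Argon2Encoded` and the sample string are constructed for illustration.

```elixir
defmodule Argon2Encoded do
  # Constructed sample, not output from the post. The salt field encodes the
  # bytes "somesalt"; the hash field is illustrative.
  @sample "$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG"

  def sample, do: @sample

  # Returns {:ok, map} with the decoded fields, or {:error, reason}.
  def parse(encoded) when is_binary(encoded) do
    with ["", variant, "v=" <> v, params, salt_b64, hash_b64] <- String.split(encoded, "$"),
         true <- variant in ["argon2i", "argon2d", "argon2id"],
         {version, ""} <- Integer.parse(v),
         {:ok, costs} <- parse_costs(params),
         # The encoded form uses base64 without "=" padding.
         {:ok, salt} <- Base.decode64(salt_b64, padding: false),
         {:ok, hash} <- Base.decode64(hash_b64, padding: false) do
      {:ok, %{variant: variant, version: version, costs: costs, salt: salt, hash: hash}}
    else
      _ -> {:error, :not_an_argon2_encoded_hash}
    end
  end

  # "m=65536,t=2,p=4" -> %{"m" => 65536, "t" => 2, "p" => 4}
  defp parse_costs(params) do
    params
    |> String.split(",")
    |> Enum.map(&String.split(&1, "=", parts: 2))
    |> Enum.reduce_while({:ok, %{}}, fn
      [key, value], {:ok, acc} when key in ["m", "t", "p"] ->
        case Integer.parse(value) do
          {n, ""} -> {:cont, {:ok, Map.put(acc, key, n)}}
          _ -> {:halt, :error}
        end

      _, _ ->
        {:halt, :error}
    end)
  end
end

# A verifier re-derives the hash from the candidate password plus the salt and
# cost parameters read here, then compares it with the stored hash field.
{:ok, fields} = Argon2Encoded.parse(Argon2Encoded.sample())
IO.inspect(fields.salt, label: "salt")
IO.inspect(fields.costs, label: "costs")
IO.puts("hash length: #{byte_size(fields.hash)} bytes")
```

Because the salt and cost parameters travel inside the encoded string, storing that one string per user is enough for later verification.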