R/argon2.R
argon2.RdArgon2 is a resource intensive password-based key derivation scheme. A typical application is generating an encryption key from a text password.
argon2(password, salt = password, length = 32, type = "chr")A character string used to derive the random bytes
16-byte raw vector or 32-character hexadecimal string. A salt is data used as additional input to key derivation which helps defend against attacks that use pre-computed (i.e. rainbow) tables. Note: A salt does not need to be a secret. See https://en.wikipedia.org/wiki/Salt_(cryptography) for more details. The 'salt' may also be a non-hexadecimal string, in which case a real salt will be created by using Argon2 with a default internal salt.
Number of bytes to output. Default: 32
Should the data be returned as raw bytes? Default: "chr". Possible values "chr" or 'raw'
raw vector of the requested length
Using the same password with the same salt will always generate the same key. It is recommended that a random salt be used.
The 'C' version of the ARgon2 algorithm is configured with:
Use the Argon2id variant of the algorithm
single-threaded
3 iterations
100 megabytes of memory
See https://en.wikipedia.org/wiki/Argon2 and https://monocypher.org/manual/argon2 for more information.
# For the sake of convenience for novice users, a salt will be
# derived internally from the password.
argon2("my secret")
#> [1] "bd7549bef4100b888c47e421b03c52fee58b285fcc40dfa4c0502689c4ed16d0"
# Calling 'argon2()' without a seed is equivalent to using the password
# as the seed. This is not the best security practice
argon2("my secret", salt = "my secret")
#> [1] "bd7549bef4100b888c47e421b03c52fee58b285fcc40dfa4c0502689c4ed16d0"
# Best practice is to use random bytes for the salt
# This particular key can then only be recovered if the password and
# the salt are known.
salt <- rbyte(16) # You'll want to save this value somewhere
argon2("my secret", salt = salt)
#> [1] "b23c6dcc47d45a81a17c6526db020c9598c128365891e94991a7bdeee054c5d5"