3,977 questions
C++ libsodium Argon2id for hashing passords
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 62%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
sValentin
81
Reputation points
I tried to get the equivalent of Java Bouncy Castle Argon2id implementation in C++ using libsodium but the result is different between Java and C++. I used Base64 in java as I need it to be stored in a database as characters and not bytes.
Can someone help me correct what is wrong? One problem that I think is that in C++ I didn't saw an option for Parallelism. Another one might be the way the salt is handled in Java and C++. Another the way the hash is turned into readable/string result.
withParallelism() I thought should only affect the speed, but it also affect the result, as I get different String in the end with different value for it.
public static String hashPassword(String string, String salt) {
Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.
.withSalt(salt.getBytes()).withParallelism(4).withMemoryAsKB(65536).withIterations(4);
Argon2BytesGenerator generator = new Argon2BytesGenerator();
generator.init(builder.build());
byte[] hash = new byte[64];
generator.generateBytes(string.getBytes(StandardCharsets.
return Base64.
}
public static void main(String[] args) {
String password = "ThisIsPassword";
String salt = "ThisIsSalt";
String hashedPassword =
System.
}
#include <sodium.h>
#include <iostream>
#include <string>
#include <vector>
std::string base64_encode(const unsigned char* input, size_t length) {
size_t encoded_length = sodium_base64_encoded_len(length, sodium_base64_VARIANT_ORIGINAL);
std::vector<char> encoded(encoded_length);
sodium_bin2base64(encoded.data(), encoded_length, input, length, sodium_base64_VARIANT_ORIGINAL);
return std::string(encoded.data());
}
std::string hashPassword(const std::string& password, const std::string& salt) {
if (sodium_init() < 0) {
throw std::runtime_error("Failed to initialize libsodium");
}
std::vector<unsigned char> hash(64);
if (crypto_pwhash(
hash.data(), hash.size(),
password.c_str(), password.size(),
reinterpret_cast<const unsigned char*>(salt.c_str()),
4,
65536,
crypto_pwhash_ALG_ARGON2ID13) != 0) {
throw std::runtime_error("Failed to hash password");
}
return base64_encode(hash.data(), hash.size());
}
int main() {
std::string password = "ThisIsPassword";
std::string salt = "ThisIsSalt";
try {
std::string hashedPassword = hashPassword(password, salt);
std::cout << hashedPassword << std::endl;
}
catch (const std::exception& e) {
std::cerr << "Error: " << e.what() << std::endl;
}
return 0;
}
Developer technologies | C++
{count} votes
-
Viorel 122.6K Reputation points2024-12-26T23:21:24.2466667+00:00 Why same results in Java and C++ are required?
-
sValentin 81 Reputation points
2024-12-27T05:02:54.9433333+00:00 Because they are used on different devices (PC, Android, iOS, Play Station, Xbox), Maybe not all, but PC and Android for sure, so I do need the same result.
-
sValentin 81 Reputation points
2024-12-28T13:37:34.96+00:00 Yeah, the problem is that libsodium does not offer a configuration for Parallelism, and so the result will be different. Too bad Bouncy Castle only offer support for Java and C# and not C/C++ also.
Sign in to comment
Sign in to answer