I have some code written in Python using the Python Argon2 library.
A simple test to encode an email addresses:
import argon2
print(argon2.argon2_hash("[email protected]", salt="1558cc06add8a1023cbfa527c5af29fe", t=16, m=8, p=1, buflen=16, argon_type=argon2.Argon2Type.Argon2_i).hex())`
Result:
f62830118f962095caad9cdbc64e0bc2
If I then try the Argon2 command line untility (on Debian Bullseye, up-to-date as of 17th November 2022):
echo -n [email protected] | argon2 1558cc06add8a1023cbfa527c5af29fe -t 16 -m 8 -p 1 -l 16 -r
(Note the -n option for echo so it doesn't add a newline at the end).
I get:
4955d9263eb65cd9071aaea6bc60a93e
If I then try in Go:
package main
import (
"fmt"
"encoding/hex"
"golang.org/x/crypto/argon2"
)
const argon2Iterations uint32 = 16
const argon2Memory uint32 = 8
const argon2Parallelism uint8 = 1
const argon2KeyLength uint32 = 16
func main() {
fmt.Println(hex.EncodeToString(argon2.Key([]byte("[email protected]"), []byte("1558cc06add8a1023cbfa527c5af29fe"), argon2Iterations, argon2Memory, argon2Parallelism, argon2KeyLength)))
}
I get:
330bb2088c87342a4abe1a987940bbec
I then try a couple of web-based hash generators:
https://argon2.online/ - Screenshot from Argon2 Online
https://antelle.net/argon2-browser/ - Screenshot from Argon2 In Browser
Both of which return the same as the Go implementation:
330bb2088c87342a4abe1a987940bbec
My guess is that the "correct" version is the Go version that matches the web-based utilities and that I'm doing something wrong in the way I'm using the Python or command line implementations. However, looking at the code above, I can't figure out what that difference is - I think everything is using the Argon2i algorithm, with the same values for iterations / memory usage and so on, so the resulting hash values should be the same, shouldn't they?