Some parameter combinations cause a password to not validate against itself about argon2-cffi HOT 8 CLOSED

Hi David,

I am already using Hypothesis! :)

I’m just not using it enough. :( Mostly because I hadn’t the time to learn it properly.

I have opened an issue on the Argon2 bug tracker because I could reproduce it in their C client too.

P.S. I’m obviously happy to accept good uses of hypothesis. :)

from argon2-cffi.

So you are! Sorry, I'd missed that. I'd looked at test_password_hasher but not any of the others.

from argon2-cffi.

FWIW, it's not just digest sizes < 12. The following combination also fails:

password='', time_cost=1, parallelism=1, memory_cost=8, hash_len=513, salt_len=8

from argon2-cffi.

Here's the full test if you want to try it out yourself:

from argon2 import PasswordHasher

from hypothesis import given, assume
import hypothesis.strategies as st


class TestPasswordHasherWithHypothesis(object):
    @given(
        password=st.text(),
        time_cost=st.integers(1, 10),
        parallelism=st.integers(1, 10),
        memory_cost=st.integers(8, 2048),
        hash_len=st.integers(12, 1000),
        salt_len=st.integers(8, 1000),
    )
    def test_a_password_verifies(
        self,
        password, time_cost, parallelism, memory_cost, hash_len, salt_len,
    ):
        assume(parallelism * 8 <= memory_cost)
        ph = PasswordHasher(
            time_cost=time_cost, parallelism=parallelism,
            memory_cost=memory_cost,
            hash_len=hash_len, salt_len=salt_len,
        )
        hash = ph.hash(password)
        assert ph.verify(hash, password)

from argon2-cffi.

This also breaks:

time_cost=1, parallelism=1, memory_cost=8, hash_len=12, salt_len=513

It looks like this may be a separate issue where salt and hash lengths > 512 do not work. If I restrict them to be <= 512 the test passes.

from argon2-cffi.

There have been a several relevant upstream bugs that now have fixes in place. Would suggest pulling in the latest and identifying what does (if anything) and doesn't still exist.

from argon2-cffi.

Ouch, I’ve deleted the comment. Apparently I’ve run into a nasty new bug. Contacting the authors privately.

from argon2-cffi.

The latest revision of the bindings appear to have fixed all of this.

I’ve added a similar test as a smoke test if they break something again.

The bindings introduced other breakage but that’s something for other tickets.

from argon2-cffi.