argon2_pass($type,$password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)
This function processes the $password with the given $salt and parameters. It encodes the resulting tag
and the parameters as a password string (e.g.
"$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA").
• $type
The argon2 type that is used. This must be one of 'argon2id', 'argon2i' or 'argon2d'.
• $password
This is the password that is to be turned into a cryptographic key.
• $salt
This is the salt that is used. It must be long enough to be unique.
• $t_cost
This is the time-cost factor, typically a small integer that can be derived as explained above.
• $m_factor
This is the memory costs factor. This must be given as a integer followed by an order of magnitude
("k", "M" or "G" for kilobytes, megabytes or gigabytes respectively), e.g. '64M'.
• $parallelism
This is the number of threads that are used in computing it.
• $tag_size
This is the size of the raw result in bytes. Typical values are 16 or 32.
argon2_verify($encoded,$password)
This verifies that the $password matches $encoded. All parameters and the tag value are extracted from
$encoded, so no further arguments are necessary.
argon2_raw($type,$password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)
This function processes the $password with the given $salt and parameters much like "argon2_pass", but
returns the binary tag instead of a formatted string.
argon2id_pass($password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)argon2i_pass($password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)argon2d_pass($password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)
This function processes the $password much like "argon2_pass" does, but the $type argument is set like
the function name.
argon2id_verify($encoded,$password)argon2i_verify($encoded,$password)argon2d_verify($encoded,$password)
This verifies that the $password matches $encoded and the given type. All parameters and the tag value
are extracted from $encoded, so no further arguments are necessary.
argon2id_raw($password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)argon2i_raw($password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)argon2d_raw($password,$salt,$t_cost,$m_factor,$parallelism,$tag_size)
This function processes the $password much like "argon2_raw" does, but the $type argument is set like the
function name.
argon2_needs_rehash($encoded,$type,$t_cost,$m_cost,$parallelism,$output_length,$salt_length)
This function checks if a password-encoded string needs a rehash. It will return true if the $type (valid
values are "argon2i", "argon2id" or "argon2d"), $t_cost, $m_cost, $parallelism, $output_length or
$salt_length arguments mismatches any of the parameters of the password-encoded hash.
argon2_types
This returns all supported argon2 subtypes. Currently that's 'argon2id', 'argon2i' and 'argon2d'.
ACKNOWLEDGEMENTS
This module is based on the reference implementation as can be found at
<https://github.com/P-H-C/phc-winner-argon2>.
SEEALSO
You will also need a good source of randomness to generate good salts. Some possible solutions include:
• Net::SSLeay
Its RAND_bytes function is OpenSSL's pseudo-randomness source.
• Crypt::URandom
A minimalistic abstraction around OS-provided non-blocking (pseudo-)randomness.
• "/dev/random" / "/dev/urandom"
A Linux/BSD specific pseudo-file that will allow you to read random bytes.
Implementations of other similar algorithms include:
• Crypt::Bcrypt
An implementation of bcrypt, a battle-tested algorithm that tries to be CPU but not particularly
memory intensive.
• Crypt::ScryptKDF
An implementation of scrypt, a older scheme that also tries to be memory hard.