Crypt::Passphrase::Argon2 - An Argon2 encoder for Crypt::Passphrase
version 0.006
my $passphrase = Crypt::Passphrase->new( encoder => { module => 'Argon2', profile => 'interactive', }, );
This class implements an Argon2 encoder for Crypt::Passphrase. It is the recommended password encoder as of 2023.
The default settings are taken from the intermediate profile of libsodium's password hashing. You are highly encouraged to come up with your own settings: Crypt::Argon2 contains a argon2-calibrate tool to assist you in this.
argon2-calibrate
This creates a new Argon2 encoder, it takes named parameters that are all optional. Note that some defaults are likely to change at some point in the future, as computers get progressively more powerful and cryptoanalysis gets more advanced.
profile
This sets the default values for the memory_cost and time_cost values. The default profile is moderate, but this may change in any future version.
memory_cost
time_cost
moderate
interactive
This sets the defaults for memory_cost and time_cost to 2 and '64M' respectively.
2
'64M'
This sets the defaults for memory_cost and time_cost to 3 and '256M' respectively.
3
'256M'
sensitive
This sets the defaults for memory_cost and time_cost to 4 and '1G' respectively.
4
'1G'
Maximum memory (in bytes) that may be used to compute the Argon2 hash.
Maximum amount of time it may take to compute the Argon2 hash.
parallelism
The number of lanes (and potentially threads) used for the hash. This defaults to 1, but this number may change in any future version.
1
output_size
The size of a hashed value. This defaults to 16 bytes, increasing it only makes sense if your passwords actually contain more than 128 bits of entropy.
salt_size
The size of the salt. This defaults to 16 bytes, which should be more than enough for any use-case.
subtype
This choses the argon2 subtype. It defaults to argon2id, and unless you know what you're doing you should probably keep it at that. This may change in any future version (but is unlikely to do so unless argon2id is cryptographically broken).
argon2id
This is the default. It's a hybrid of argon2i and argon2d that largely combines the advantages of both.
argon2i
argon2d
This is optimized against timing attacks, but more vulnerable against other cryptographic attacks. It must not be used with a time_cost lower than 3.
This is optimized for resistance to GPU cracking attacks but not against timing based side-channel attacks.
Note: there is no wrong or right configuration, it all depends on your own particular circumstances. I recommend using the algorithm described in Crypt::Argon2 to pick the right settings for you.
This hashes the passwords with argon2 according to the specified settings and a random salt (and will thus return a different result each time).
This returns true if the hash uses a different cipher or subtype, or if any of the parameters is lower that desired by the encoder.
This class supports the following crypt types: argon2id, argon2i and argon2d.
This will check if a password matches an argon2 hash.
Leon Timmermans <leont@cpan.org>
This software is copyright (c) 2021 by Leon Timmermans.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install Crypt::Passphrase::Argon2, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Crypt::Passphrase::Argon2
CPAN shell
perl -MCPAN -e shell install Crypt::Passphrase::Argon2
For more information on module installation, please visit the detailed CPAN module installation guide.