
I am learning cryptography and started a simple project where I intend to use Argon2 to hash my password with a randomly generated salt, and then use this hash to generate cipher text and encrypt data using the AES algorithm.

However, my hash always seems to be over 32 bytes.

For Hash key generation, I use the following:

ph = PasswordHasher(hash_len=32, salt_len=16)
hash = ph.hash(key)

When I print this, I find the output that looks like this:

Hash:  $argon2id$v=19$m=65536,t=3,p=4$BkGV9OL8x2VlYhPyj7efVA$5U6H89HJb+6IkQxYYWkp9CQd42dEXdiSwKfdB0PnEZI
Hashed password:  5U6H89HJb+6IkQxYYWkp9CQd42dEXdiSwKfdB0PnEZI
Salt:  BkGV9OL8x2VlYhPyj7efVA

Length of Password: 43
Length of Salt: 22

I am able to verify this password without any issue as follows:

ph.verify(hash, key)

I try to encrypt data using AES as follows:

cipher = AES.new(key, AES.MODE_EAX)
nonce = cipher.nonce
ciphertext, tag = cipher.encrypt_and_digest(data)

This always results in an error:

ValueError: Incorrect AES key length (43 bytes)

Why does the length of the key always exceed 32 bytes even when I explicitly specify it in the PasswordHasher? Am I missing something?

  • 3
    The hasher generates a 32-byte output. It looks like, at some point, you or the library have used Base64 encoding, which does a 4-to-3 expansion of the bytes to convert it into printable characters. To get the 32 bytes expected by AES, you'll need to unencode. – Frank Yellin Mar 14 '23 at 06:03
  • 1
    Note that this is unpadded base64, so you either need to add the character `=` to the end - making it a multiple of 4 characters - or make sure that your base64 decoder can handle unpadded base64. – Maarten Bodewes Mar 14 '23 at 11:55
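What the two comments describe, as an added example that is not part of the original question or comments: the encoded string printed in the question is split into its fields, and the unpadded base64 salt and digest are decoded back to raw bytes. The helper names `b64decode_unpadded` and `parse_argon2` are made up for this illustration; only the Python standard library is used.

```python
import base64

# Encoded hash exactly as printed in the question above.
ENCODED = ("$argon2id$v=19$m=65536,t=3,p=4$BkGV9OL8x2VlYhPyj7efVA"
           "$5U6H89HJb+6IkQxYYWkp9CQd42dEXdiSwKfdB0PnEZI")


def b64decode_unpadded(text: str) -> bytes:
    """Decode base64 whose trailing '=' padding was stripped."""
    if len(text) % 4 == 1:
        raise ValueError("impossible length for base64 data")
    # Re-add the padding so the length is a multiple of 4 characters.
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)


def parse_argon2(encoded: str) -> dict:
    """Split an Argon2 encoded string into fields, with raw salt/digest bytes."""
    fields = encoded.split("$")
    # Expected: ['', variant, 'v=..' (optional), 'm=..,t=..,p=..', salt, digest]
    if fields[0] != "" or len(fields) not in (5, 6):
        raise ValueError("not an Argon2 encoded string")
    if not fields[1].startswith("argon2"):
        raise ValueError("unexpected algorithm: " + fields[1])
    version = None
    if len(fields) == 6:
        if not fields[2].startswith("v="):
            raise ValueError("malformed version field")
        version = int(fields[2][2:])
    params = {k: int(v) for k, v in
              (item.split("=", 1) for item in fields[-3].split(","))}
    return {
        "variant": fields[1],
        "version": version,
        "params": params,
        "salt": b64decode_unpadded(fields[-2]),
        "digest": b64decode_unpadded(fields[-1]),
    }


if __name__ == "__main__":
    parsed = parse_argon2(ENCODED)
    print("text lengths :", len(ENCODED.split("$")[-1]), len(ENCODED.split("$")[-2]))
    print("raw lengths  :", len(parsed["digest"]), len(parsed["salt"]))
    print("cost settings:", parsed["params"])
```

The 43 and 22 characters reported in the question decode to 32 and 16 raw bytes, and the 32-byte value is a valid AES-256 key length. When the goal is key derivation rather than password verification, argon2-cffi's `argon2.low_level.hash_secret_raw` returns the raw bytes directly, and the salt has to be stored and reused so the same key can be derived again for decryption.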
