type salt
type password
val primitive : string

Primitive used by this implementation. Currently "argon2i".

val password_hash_size : int

Size of password hashes, in bytes.

val salt_size : int

Size of salts, in bytes.

type difficulty = {
  1. mem_limit : int64;

    The amount of memory used by the algorithm. The more memory the better.

  2. ops_limit : int;

    The number of passes of the algorithm over the memory. The more passes the better, to be adjusted to the type of application.


Parameters of the primitive algorithm used to derive secret keys and hash passwords. This algorithm generates data (the secret key or the hash) from a human chosen password and a salt using a time and memory consuming algorithm to prevent bruteforce attacks.

val interactive : difficulty

The base line of difficulty, for online, interactive applications. Currently 3 passes over 32MiB.

val moderate : difficulty

Currently 6 passes and 128MiB.

val sensitive : difficulty

For highly sensitive data and non-interactive operations. Currently 8 passes over 512MiB. Takes about 3.5 seconds on a 2.8 Ghz Core i7 CPU.

val wipe_password : password -> unit

wipe_password pw overwrites pw with zeroes.

val random_salt : unit -> salt

random_salt () generates a random salt.

val salt_of_bytes : Bytes.t -> salt

salt_of_bytes b creates a salt out of bytes b.

  • raises Size_mismatch

    if b is not salt_size bytes long

module type S = sig ... end
module Bytes : S with type storage = Bytes.t
module Bigbytes : S with type storage = bigbytes