argon2: set checksum size to 32, per issue 88.

also setting salt length to fixed value,
no longer relying on argon2_cffi's upstream settings for this.

2 files changed, 8 insertions, 4 deletions

diff --git a/docs/history/1.7.rst b/docs/history/1.7.rst
index 4900428..31067cf 100644
--- a/docs/history/1.7.rst
+++ b/docs/history/1.7.rst
@@ -4,6 +4,11 @@
 Passlib 1.7
 ===========
 
+**1.7.2** (NOT YET RELEASED)
+============================
+
+* :class:`~passlib.hash.argon` -- default hash size increased to 32 bytes (:issue:`88`).
+
 **1.7.1** (2017-1-30)
 =====================
 
diff --git a/passlib/handlers/argon2.py b/passlib/handlers/argon2.py
index 578c2c5..b665a20 100644
--- a/passlib/handlers/argon2.py
+++ b/passlib/handlers/argon2.py
@@ -63,8 +63,6 @@ else:
         time_cost = 2
         memory_cost = 512
         parallelism = 2
-        salt_len = 16
-        hash_len = 16
     _default_version = 0x13
 
 #=============================================================================
@@ -110,7 +108,8 @@ class _Argon2Common(uh.SubclassBackendMixin, uh.ParallelismMixin,
     # GenericHandler
     #------------------------
     ident = u("$argon2i")
-    checksum_size = _default_settings.hash_len
+    # NOTE: ignoring argon2_cffi's default of 16, to better match libargon2
+    checksum_size = 32
 
     # NOTE: from_string() relies on the ordering of these...
     ident_values = (u("$argon2i$"), u("$argon2d$"))
@@ -118,7 +117,7 @@ class _Argon2Common(uh.SubclassBackendMixin, uh.ParallelismMixin,
     #------------------------
     # HasSalt
     #------------------------
-    default_salt_size = _default_settings.salt_len
+    default_salt_size = 16
     min_salt_size = 8
     max_salt_size = MAX_UINT32