Cryptography

Tinlok provides several lightweight and fast core cryptographic functions using modern algorithms. These are powered by the Monocypher library.

Integrity hashes

The Blake2b class is provided for performing integrity hashes. Whilst Blake2b normally has variable length hashes, this class only produces 512-bit (64 byte) hashes. Obviously, this uses the Blake2b algorithm.

val toHash = b("The quick brown fox jumps over the lazy dof")
// no key
val hash = Blake2b { hasher ->
    hasher.feed(toHash)
    hasher.hash()
}
println(hash.hexdigest())
// securely compare the two hashes
val hash2 = toHash.blake2b()
assert(hash.secureCompare(hash2))

Password hashes

The passwordHash function is provided for creating password hashes. This function uses the Argon2i algorithm, which is a modern and secure password hasher/key derivation algorithm.

The default parameters are tuned for a reasonable level of security. It is recommended to adjust the memory limit for the maximum amount of memory available.

val secret = "password"  // not very secure!
val hash: Argon2iHash = passwordHash(secret)
// re-derives the hash, then securely compares them
assert(hash.verify(secret))

Secure Random Numbers

Tinlok provides a SecureRandom object that provides securely generated random numbers. This is a kotlin.random.Random and thus can be used anywhere that a regular Random is.