crypto_pwhash returns incorrect output on its first execution with Argon2id on mobile when using more than 8 MB of memory

[gustavotoyota]

For some reason crypto_pwhash returns a random output on its first execution on mobile when using more than 8 MB of memory on Argon2id. My goal is to use 32 MB of memory on all platforms. I'm using Capacitor to build mobile from Javascript. On Desktop it executes without a problem.

I tested with the library argon2-browser and it works correctly, but I'm using other Sodium features and was hoping to not need other cryptography libraries.

I would expect an error or something similar, but the function just decides to return a random value. What could it be? Is there a workaround for this without wasting the first execution? Thank you.

[gustavotoyota]

More info: It happens more than once sometimes. It's deterministic in a certain way: The first incorrect output is always the same, and the second incorrect output is always the same, but the second incorrect output is different than the first incorrect output.

[jedisct1]

Is that when using WebAssembly, or JavaScript?

[gustavotoyota]

Using WebAssembly.

[jedisct1]

Do you have a minimal code snippet that reproduces this?

Can it be reproduced with node or bun?

[gustavotoyota]

Can it be reproduced with node or bun?

It only happens on the mobile app built through Capacitor.
I think Capacitor is built on top of node.

Do you have a minimal code snippet that reproduces this?

I won't be able to put together a minimal reproduction in the near future.

[jedisct1]

I think you are actually not using WebAssembly, and this is a duplicate of #310