Argon2

Question

Argon2

Opened this issue 4 years ago · 13 comments

I have observed that a search for "argon2" didn't come up with anything relevant in the issue tracker (apart from honourable mentions in a yescrypt discussion), which is pretty much a surprise to me.

Is there any plans to have Argon2 supported? It seems to be one of the most recommended pwhash nowadays, obviously heavily influeced by the PHC.

Answer 1 · 2020-05-11T20:30:23.000Z

Huh, I thought we already had an open wishlist item for argon2 but I guess we don't.

We would certainly consider a patch or PR to add argon2. The main reasons I haven't done it already are lack of time and the fact that the reference implementation is a fairly bulky library.

Answer 2 · 2020-05-12T09:15:09.000Z

We would certainly consider a patch or PR to add argon2. The main reasons I haven't done it already are lack of time and the fact that the reference implementation is a fairly bulky library.

Well, given the circumstance that cryptsetup already interfaces libargon2.so (reference implementation), wouldn't it make sense, when we would do the same instead of bundling?

Answer 3 · 2020-05-12T12:24:39.000Z

2 cents:

the argon2 RFC is not finalized yet, I would wait until that's the case.
embedding would avoid a dependency, but, as long as libargon2 could be selected via configure flag I guess it i not a big deal to have it as a dep.

Answer 4 · 2020-08-17T20:38:55.000Z

NETBSD added Argon2 algo to its crypt(3) btw: https://netbsd.gw.com/cgi-bin/man-cgi?crypt++NetBSD-current

Answer 5 · 2020-08-18T15:25:45.000Z

I'd be fine with libxcrypt growing an optional runtime dependency on libargon2.so, but is there a second independent implementation of Argon2 yet? This is desirable for verifying interoperability.

Answer 6 · 2020-08-18T15:38:51.000Z

The Argon2 draft RFC is in a late stage of the IRTF process and does not appear to have changed very much in some time. In particular the test vectors have not changed since draft-irtf-cfrg-argon2-02 which was published in March 2017. So I think the risk of implementing something incompatible, if we go ahead before the RFC is published, is quite low.

Answer 7 · 2020-10-10T11:32:43.000Z

Cryptsetup uses Argon2, KeePassXC uses Argon2, but shadow stores my root password as SHA512 by default. To get Argon2 support started, I have created a branch with it: #113

Feel free to give me feedback!

Answer 8 · 2021-10-21T06:02:02.000Z

The RFC has been published last month.

Answer 9 · 2022-04-25T04:08:56.000Z

Link to the RFC: https://datatracker.ietf.org/doc/rfc9106/
Regarding the default work factors, OWASP also has pretty decent recommendations and might be worth taking a look. Or maybe something could be detected during the runtime like many password managers do.

Answer 10 · 2022-11-06T03:56:35.000Z

Anything new on this or the PR? Argon2 seems like a natural choice, given that it probably receives most scrutiny now.

Answer 11 · 2023-06-22T09:43:01.000Z

I'd be fine with libxcrypt growing an optional runtime dependency on libargon2.so, but is there a second independent implementation of Argon2 yet? This is desirable for verifying interoperability.

#150 seems to support an alternative implementation, although it looks abandoned.

Answer 12 · 2023-06-22T10:16:48.000Z

I'd be fine with libxcrypt growing an optional runtime dependency on libargon2.so, but is there a second independent implementation of Argon2 yet? This is desirable for verifying interoperability.

#150 seems to support an alternative implementation, although it looks abandoned.

If you are referring to the GitHub repos being archived, they have not been abandoned but have been migrated to https://codeberg.org/maandree.

Answer 13 · 2023-06-22T10:28:21.000Z

That's great. Thanks for letting us know the projects are still alive. @besser82 any chance of merging either this or #150 any time soon?