paolostivanin/OTPClient

Switch to Argon2id

Closed this issue · 4 comments

Would you be open to switching to Argon2id over 100k iterations of PBKDF2? It would provide better protection for weaker vault passwords.

Sure, I'll think about it. I need to check whether this enhancement is worth the time and effort. I may even consider making this customizable, but then it would require a DB change 🤔
No idea, let's see with what I will come up with.

This change would require libgcrypt version >= 1.10.1 which cannot be found, for example, on Ubuntu <23.10 and openSUSE Leap <=15.5.
If I decide to implement this change, it will have to be configurable in order to support older distros.

The switch to Argon2id will happen. I have yet to figure out some minor design things, but it will likely happen before the end of summer.

To-Do:

  • switch to argon2id by default
  • dynamically show parameters
  • make db security configurable
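The to-do list above sketches a design (Argon2id by default, a fallback for platforms without it, and KDF parameters stored so they can be shown to the user). The following is an added example of that design, written for this page; it is not OTPClient's code and the project uses libgcrypt in C, not Python. The header layout, the constant names, the minimum-parameter check and the use of the optional `argon2-cffi` package as the Argon2id provider are all assumptions of this example; PBKDF2-HMAC-SHA512 comes from the standard library.

```python
"""Vault key derivation with a self-describing KDF header (added example).

Not OTPClient code. The header format, constants and argon2-cffi usage are
assumptions of this example. Argon2id is preferred; PBKDF2 with 100k
iterations is kept as a fallback for builds where Argon2id is unavailable,
and every vault records which KDF and parameters it was created with.
"""
import hashlib
import struct
from dataclasses import dataclass
from secrets import token_bytes
from typing import Optional, Tuple

try:
    from argon2.low_level import Type as Argon2Type, hash_secret_raw
    ARGON2_AVAILABLE = True
except ImportError:        # stands in for "libgcrypt too old" on an older distro
    ARGON2_AVAILABLE = False

MAGIC = b"OTPV"            # constructed magic for this example
KDF_PBKDF2_SHA512 = 1
KDF_ARGON2ID = 2
KEY_LEN = 32
SALT_LEN = 16
# Header: magic | kdf id | iterations/passes | memory KiB | parallelism | salt
HEADER_FMT = ">4sBIIB%ds" % SALT_LEN
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 30 bytes


@dataclass(frozen=True)
class KdfParams:
    kdf: int
    iterations: int    # PBKDF2 rounds, or Argon2 passes (t)
    memory_kib: int    # Argon2 memory cost (m); 0 for PBKDF2
    parallelism: int   # Argon2 lanes (p); 1 for PBKDF2
    salt: bytes

    def describe(self) -> str:
        """Human-readable parameters, e.g. for a 'DB security' dialog."""
        if self.kdf == KDF_PBKDF2_SHA512:
            return "PBKDF2-HMAC-SHA512, %d iterations" % self.iterations
        if self.kdf == KDF_ARGON2ID:
            return "Argon2id, t=%d, m=%d KiB, p=%d" % (
                self.iterations, self.memory_kib, self.parallelism)
        raise ValueError("unknown KDF id %d" % self.kdf)


def default_params(salt: Optional[bytes] = None) -> KdfParams:
    """Prefer Argon2id; fall back to 100k PBKDF2 rounds where it is unavailable."""
    salt = salt if salt is not None else token_bytes(SALT_LEN)
    if ARGON2_AVAILABLE:
        # Example costs only (assumed); tune for the target machines before shipping.
        return KdfParams(KDF_ARGON2ID, 3, 64 * 1024, 4, salt)
    return KdfParams(KDF_PBKDF2_SHA512, 100_000, 0, 1, salt)


def encode_header(p: KdfParams) -> bytes:
    """Serialize the KDF choice and parameters in front of the ciphertext."""
    if len(p.salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return struct.pack(HEADER_FMT, MAGIC, p.kdf, p.iterations,
                       p.memory_kib, p.parallelism, p.salt)


def decode_header(blob: bytes) -> Tuple[KdfParams, bytes]:
    """Parse the header off a vault file; return the params and the remaining bytes."""
    if len(blob) < HEADER_LEN:
        raise ValueError("vault too short for header")
    magic, kdf, it, mem, par, salt = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != MAGIC:
        raise ValueError("not a vault file")
    if kdf not in (KDF_PBKDF2_SHA512, KDF_ARGON2ID):
        raise ValueError("unsupported KDF id %d" % kdf)
    # Refuse a header that has been rewritten with trivially cheap parameters;
    # Argon2 needs at least 8 KiB per lane.
    if it < 1 or par < 1 or (kdf == KDF_ARGON2ID and mem < 8 * par):
        raise ValueError("implausible KDF parameters")
    return KdfParams(kdf, it, mem, par, salt), blob[HEADER_LEN:]


def derive_key(password: bytes, p: KdfParams) -> bytes:
    """Derive the vault key with whichever KDF the header names."""
    if p.kdf == KDF_PBKDF2_SHA512:
        return hashlib.pbkdf2_hmac("sha512", password, p.salt, p.iterations, KEY_LEN)
    if p.kdf == KDF_ARGON2ID:
        if not ARGON2_AVAILABLE:
            raise RuntimeError("vault uses Argon2id but this build cannot compute it")
        return hash_secret_raw(password, p.salt, time_cost=p.iterations,
                               memory_cost=p.memory_kib, parallelism=p.parallelism,
                               hash_len=KEY_LEN, type=Argon2Type.ID)
    raise ValueError("unknown KDF id %d" % p.kdf)
```

Because the header names the KDF, a vault written by a newer build with Argon2id still opens on a build that has it, and a build without it fails with a clear error instead of deriving the wrong key; an older PBKDF2 vault keeps opening unchanged. The minimum-parameter check in `decode_header` is the caveat that comes with storing cost parameters in the file: without it, an attacker who can edit the header could downgrade the work factor for the next save.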