Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Argon2 addition request #4775

Open demhademha opened 2 years ago

demhademha commented 2 years ago

Suggested enhancement

I think it would be useful to have the Argon2 KDF contained within mbedtls. It's the winner of the PHC and the recommendation of OWASP for new applications. There is reference code available.

Justification

Mbed TLS needs this because argon2 is the winner of PHC: I believe that this would be a useful key derivation function. Currently, one has to use argon2 separately from mbedtls. Argon2 is also considered more secure than bcrypt. Currently, there are two OpenSSL pull requests which are in the process of adding argon2, which may be useful for the implementation.

gilles-peskine-arm commented 2 years ago

Mbed TLS primarily targets environments with limited resources (microcontrollers) where memory-hard functions aren't really usable and even CPU-hard functions can only be used with a low cost factor. This type of device rarely uses passwords. As a consequence, key stretching functions are low-priority for us, and memory-hard functions even lower.

This doesn't mean we're against having those algorithms in Mbed TLS. But it means that the Mbed TLS team is very unlikely to work on the implementation. We would welcome an external contribution, but please make arrangements to ensure that we will have time to review it, as review time is currently our main bottleneck. (Higher-priority items such as SHA3 and EdDSA are still waiting on review time.)