samscott89
commented
7 years ago The way it's described in the paper you posted doesn't really constitute a feature of Argon2. It seems to be suggesting simply running Argon2 again in sequence, using the previous output as the "password", reusing the salt, and whatever new parameters are required.
This same idea would work for pretty much all password hashing algorithms.
Security-wise, if you wanted to (for example) increase the memory-hardness to M, you would need to set the outer layer's parameter to M, regardless of what the original parameter was.
Implementation-wise, you would need to alter the format slightly to something like:
$argon2i$v=19$m_new=65536,t_new=5,p_new=4,m_old=4096,t_old=2,p_old=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG, so it's not obviously nor natively supported by Argon2.
khovratovich
I noticed in an older version of the Argon2 paper at https://password-hashing.net/submissions/specs/Argon-v3.pdf there's mention of a way of performing client-independent updates.
However in the current version of the paper https://password-hashing.net/argon2-specs.pdf there is no mention of this.
Is there a security or implementation reason this was removed?