RustCrypto / PAKEs

Password-Authenticated Key Agreement protocols
106 stars 35 forks source link

srp: argon2 support #172

Closed 4f48 closed 4 months ago

4f48 commented 4 months ago

Hi! I'm trying to implement the server authentication flow of the SRP protocol, and got stuck at this part of the documentation. It mentions that one should use a proper KDF, so I tried argon2. I tried passing argon2::Argon2 in there, and a couple other exported members of the argon2 crate, but never succeeded. So, how would one use argon2 with this crate?

tarcieri commented 4 months ago

The current implementation is generic around a Digest primitive, so you can't pass Argon2 in since it's not a Digest.

I'm not aware of anyone using SRP with Argon2, but it would be a fundamentally different construction from what we currently implement.

4f48 commented 4 months ago

So what you are saying is, that it's impossible to use argon2, right?

tarcieri commented 4 months ago

Correct. There are various attacks against SRP that could potentially be mitigated by augmenting it with Argon2, but that would be a separate construction from SRP itself.

4f48 commented 4 months ago

Alright, thank you anyway for the info.