Missing algorithms

[newpavlov]

• [x] Argon2
• [x] Balloon
• [ ] bcrypt (see rust-bcrypt crate and this comment)
• [ ] Lyra2
• [x] scrypt
• [ ] yescrypt

Also see algorithms used in passlib.

[dignifiedquire]

I have an implementation of AES KW as defined here: https://tools.ietf.org/html/rfc339, is that of interest?

[astonbitecode]

Does this issue mean that RustCrypto will not include bcrypt password hashing?

Or maybe there will be yet another implementation of it in this repo?

[newpavlov]

I don't plan on doing a competing implementation without a good reason (e.g. substantial improvements/fixes which @Keats will not accept to his crate for some reason or support of hypothetical password hashing trait). Though I still would be happy to accept the crate transfer if he''ll change his mind.

[zer0x64]

I can give a shot for Argon2, since there is already a Rust implementation and that RustCrypto already has Blake2. Are you still looking for someone to implement it here?

[zer0x64]

Since argon2rs has not been updated for the last 2 years and the maintainer is not answering on the ticket, what about asking the maintainer of https://github.com/sru-systems/rust-argon2 instead? It works on WASM even with multiple lanes, supports multithreading via features, supports Argon2id and is still maintained. Biggest weak point for now is the lack of SIMD.

[fadeevab]

@zer0x64 Thank you for information!

[fadeevab]

For the record, one cons of all existing Argon2 implementations is a lack of no_std mode which is de-facto for RustCrypto crates. It means there is no easy way to "import" any of these crates into RustCrypto family seamlessly.

[tarcieri]

We should definitely ping one of the existing authors to see if they want to collaborate.

Otherwise, we can fork one of the existing crates, add no_std support, and then release it as argon2.

[newpavlov]

I've already pinged them in the past, see issues linked in the OP list.

[tarcieri]

@newpavlov what about the maintainer of rust-argon2 as @zer0x64 mentioned?

[newpavlov]

Done, see the linked issue.

[zizhengtai]

There is also argonautica which supports SIMD.

[tarcieri]

We now have an argon2 crate based on the reference implementation, however it might be worth looking at reusing some code from argonautica (which is MIT/Apache2) for SIMD. See #104.

[daxpedda]

We can mark Balloon (and also fix the typo) as done, see https://crates.io/crates/balloon-hash.

[samuel-lucas6]

For your awareness, I'm working on an Internet-Draft for a modified version of Balloon called BKDF, which would represent a proper specification of Balloon. It's not finalised as I'm still trying to collect feedback on the design/design ideas from cryptographers, but it contains a number of improvements already.

I would greatly appreciate feedback on the draft/design from the Rust Crypto maintainers/contributors, especially @tarcieri since you were a PHC judge. I will acknowledge people in the Acknowledgments section with their permission.

[sorairolake]

The current yescrypt crate is based on a translation of the reference implementation in C. I'm not familiar with yescrypt, but it seems to be based on scrypt, so maybe yescrypt crate could be rewritten based on the existing scrypt crate.