Argon2

[grinapo]

I have observed that a search for "argon2" didn't come up with anything relevant in the issue tracker (apart from honourable mentions in a yescrypt discussion), which is pretty much a surprise to me.

Is there any plans to have Argon2 supported? It seems to be one of the most recommended pwhash nowadays, obviously heavily influeced by the PHC.

[zackw]

Huh, I thought we already had an open wishlist item for argon2 but I guess we don't.

We would certainly consider a patch or PR to add argon2. The main reasons I haven't done it already are lack of time and the fact that the reference implementation is a fairly bulky library.

[besser82]

We would certainly consider a patch or PR to add argon2. The main reasons I haven't done it already are lack of time and the fact that the reference implementation is a fairly bulky library.

Well, given the circumstance that cryptsetup already interfaces libargon2.so (reference implementation), wouldn't it make sense, when we would do the same instead of bundling?

[simo5]

2 cents:

• the argon2 RFC is not finalized yet, I would wait until that's the case.
• embedding would avoid a dependency, but, as long as libargon2 could be selected via configure flag I guess it i not a big deal to have it as a dep.

[SomeAB]

NETBSD added Argon2 algo to its crypt(3) btw: https://netbsd.gw.com/cgi-bin/man-cgi?crypt++NetBSD-current

[zackw]

I'd be fine with libxcrypt growing an optional runtime dependency on libargon2.so, but is there a second independent implementation of Argon2 yet? This is desirable for verifying interoperability.

[zackw]

The Argon2 draft RFC is in a late stage of the IRTF process and does not appear to have changed very much in some time. In particular the test vectors have not changed since draft-irtf-cfrg-argon2-02 which was published in March 2017. So I think the risk of implementing something incompatible, if we go ahead before the RFC is published, is quite low.

[ferivoz]

Cryptsetup uses Argon2, KeePassXC uses Argon2, but shadow stores my root password as SHA512 by default. To get Argon2 support started, I have created a branch with it: https://github.com/besser82/libxcrypt/pull/113

Feel free to give me feedback!

[mgorny]

The RFC has been published last month.

[oittaa]

Link to the RFC: https://datatracker.ietf.org/doc/rfc9106/ Regarding the default work factors, OWASP also has pretty decent recommendations and might be worth taking a look. Or maybe something could be detected during the runtime like many password managers do.

[calestyo]

Anything new on this or the PR? Argon2 seems like a natural choice, given that it probably receives most scrutiny now.

[rathann]

I'd be fine with libxcrypt growing an optional runtime dependency on libargon2.so, but is there a second independent implementation of Argon2 yet? This is desirable for verifying interoperability.

150 seems to support an alternative implementation, although it looks abandoned.

[maandree]

I'd be fine with libxcrypt growing an optional runtime dependency on libargon2.so, but is there a second independent implementation of Argon2 yet? This is desirable for verifying interoperability.

150 seems to support an alternative implementation, although it looks abandoned.

If you are referring to the GitHub repos being archived, they have not been abandoned but have been migrated to https://codeberg.org/maandree.

[rathann]

That's great. Thanks for letting us know the projects are still alive. @besser82 any chance of merging either this or #150 any time soon?