a-dma
commented
6 years ago Hi,
do you have any plan to release this soon? Also how about making Argon2::with_version public?
Closed bryant closed 6 years ago
a-dma
commented
6 years ago Hi,
do you have any plan to release this soon? Also how about making Argon2::with_version public?
bryant
commented
6 years ago do you have any plan to release this soon?
Yes, probably this weekend.
Also how about making Argon2::with_version public?
I'm unable to see the motivation for this. 0x13 of the spec was created to address some flaw in 0x10, so it seems prudent to ensure that new hashes are created with the more secure version. In fact, part of why 0x13 took so long to merge was waiting for the release of pub(restricted) so that only the verifier can access with_version (so that decoding is backwards compatible with older hashes).
Would you mind clarifying the reason?
a-dma
commented
6 years ago Great to hear about the release. Thanks!
I was poking at KDBX files and as far as I understand you can't just get away with verifying a hash but you need to use Argon2 to transform a bunch of credentials to obtain a master key. KDBX4 supports version 0x10 and I think that re-encrypting the database using a version-0x13-based KDF would be surprising to the user to say the least.
Also, one more quick thing (forgive me if it's not the right place, happy to open a separate issue). You may want to consider linking to a version of the documentation that includes the crate's version number (e.g., https://docs.rs/argon2rs/0.2.5/argon2rs/). It took me a bit of time to realize that the documentation on GitHub wasn't in sync with the crate I was using :)
Fixes #4.
Note that Github erroneously claims that the previous iteration of this (#16) was merged even though it was not, possibly because of conflicting branch names. In any case, here it is, at last.