cyb3rko / pincredible

Modern and secure Android app to help you remember any PIN
Apache License 2.0

Use Argon2d instead of SHA2 as key derivation function #26

Closed LoHub closed 10 months ago

LoHub commented 1 year ago

Hello,

First of all, thank you for developing PINcredible, which looks like a great project.

I quickly read the code, in particular the import/export function. As far as I can understand, the password typed by the user is hashed by the SHA2 function and the hash is used as the AES key to encrypt the serialized data. Unfortunately, modern GPUs can do billions of SHA2 hashes per second.

In my opinion, a good improvement could be to use the Argon2d function instead of SHA2, which will make dictionary attacks on the exported file harder. Argon2d is built to be hard to crack even if the user's password has poor entropy, and it is very efficient against GPU usage.

Links :

cyb3rko commented 1 year ago

Thanks for the improvement request.

Right, atm the password is hashed using SHA-512 and 250.000 iterations.
Inspired by Signal's implementation of password key derivation for encrypting the backups I've pretty much adopted their implementation:

https://github.com/signalapp/Signal-Android/blob/55af6ca84e32683662a96f9f621728d47fabae9e/app/src/main/java/org/thoughtcrime/securesms/backup/FullBackupBase.java#L18-L35


Fortunately I'm already salting the passwords, which highly improves security against rainbow table attacks.
But I understand the arguments for using Argon2. I will see what I can do there :)

cyb3rko commented 1 year ago

@LoHub Argon2ID is now implemented, it will be included in the next release.
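I've used the following specifications:

  • mode: Argon2id
  • 65.536 KibiByte memory usage
  • 10 iterations
  • salt of size 32 Bytes
  • parallelism of 2 threads
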
The only thing that's weird is that the key derivation is blazing fast compared to the implementation of the lambdapioneer/argon2kt author's demo app.
Where his app needs 2,5 seconds mine is done in less than 400 milliseconds.

LoHub commented 1 year ago

I am very impressed by how fast you implemented it. Thank you very much.

2023-06-26T07:22:14Z Niko Diamadis @.***>:

@LoHub Argon2ID is now implemented, it will be included in the next release. I've used the following specifications:

  • mode: Argon2id
  • 65.536 KibiByte memory usage
  • 10 iterations
  • salt of size 32 Bytes
  • parallelism of 2 threads

The only thing that's weird is that the key derivation is blazing fast compared to the implementation of the lambdapioneer/argon2kt (https://github.com/lambdapioneer/argon2kt) author's demo app. Where his app needs 2,5 seconds mine is done in less than 400 milliseconds.


cyb3rko commented 10 months ago

Implemented in Version 0.7.0.

Previously saved PINs still work with SHA; if you create a new one, the new default is Argon2id.
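
The derivation discussed in this thread, as an added example that is not PINcredible's own code: it calls argon2kt's `hash` with the Argon2id parameters quoted above and uses the result as the AES key for an export. The 32-byte key length, the AES-GCM mode, the function names and the `salt || nonce || ciphertext` layout are assumptions of this example.

```kotlin
import com.lambdapioneer.argon2kt.Argon2Kt
import com.lambdapioneer.argon2kt.Argon2Mode
import java.nio.CharBuffer
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec

// Parameters quoted in this thread.
private const val T_COST_ITERATIONS = 10
private const val M_COST_KIB = 65_536      // 64 MiB
private const val PARALLELISM = 2
private const val SALT_BYTES = 32
// Assumptions of this example (not stated in the thread).
private const val KEY_BYTES = 32           // AES-256
private const val GCM_NONCE_BYTES = 12
private const val GCM_TAG_BITS = 128
private val random = SecureRandom()

/** Derives the AES key for one export from the password and that export's salt. */
fun deriveExportKey(argon2: Argon2Kt, password: CharArray, salt: ByteArray): SecretKeySpec {
    require(salt.size == SALT_BYTES) { "salt must be $SALT_BYTES bytes" }
    val encoded = Charsets.UTF_8.encode(CharBuffer.wrap(password))
    val passwordBytes = ByteArray(encoded.remaining()).also { encoded.get(it) }
    try {
        val result = argon2.hash(
            mode = Argon2Mode.ARGON2_ID,
            password = passwordBytes,
            salt = salt,
            tCostInIterations = T_COST_ITERATIONS,
            mCostInKibibyte = M_COST_KIB,
            parallelism = PARALLELISM,
            hashLengthInBytes = KEY_BYTES
        )
        return SecretKeySpec(result.rawHashAsByteArray(), "AES")
    } finally {
        passwordBytes.fill(0)                           // wipe the password copy
        if (encoded.hasArray()) encoded.array().fill(0) // and the encoder's buffer
    }
}

/** Encrypts serialized data; hypothetical layout: salt || nonce || ciphertext+tag. */
fun encryptExport(argon2: Argon2Kt, password: CharArray, plaintext: ByteArray): ByteArray {
    val salt = ByteArray(SALT_BYTES).also(random::nextBytes)   // fresh salt per export
    val nonce = ByteArray(GCM_NONCE_BYTES).also(random::nextBytes)
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, deriveExportKey(argon2, password, salt), GCMParameterSpec(GCM_TAG_BITS, nonce))
    return salt + nonce + cipher.doFinal(plaintext)
}
```

The salt is stored in the clear in front of the ciphertext so that import can repeat the same derivation; only the password stays secret.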