Open calvin-barker opened 1 year ago
Change https://go.dev/cl/502515 mentions this issue: argon2: Adding password hashing/verification wrapper to x/crypto/argon2
CC @golang/security
High-level wrappers are already approved in #16971, but we didn't discuss adding support for the secret input.
I propose that we extend
x/crypto/argon2
to include a wrapper for password hashing and verification, similar to what currently exists in thex/crypto/bcrypt
package. This would provide convenient methods for developers to generate hashed passwords and compare them, using Argon2's state-of-the-art password hashing scheme.Background
x/crypto/bcrypt
package provides two crucial functions:GenerateFromPassword
andCompareHashAndPassword
. These make handling passwords quite straightforward for developers while still ensuring a high level of security.However, as Argon2 is the reigning winner of the Password Hashing Competition, it would be beneficial for developers to have an equally convenient and familiar way of handling passwords using Argon2 within the Go standard library. The
x/crypto/argon2
package provides an interface to the Argon2 functionality, but it lacks the same developer-friendly methods for password hashing and verification.Additionally, NIST 800-63B recommends using a secret value of at least 112 bits. Using
secret
is implemented inderiveKey
, but theKey
andIDKey
functions pass anil
value when calling it.Current Usage
There is currently a well-written wrapper implementation with https://github.com/alexedwards/argon2id (329 ⭐) that is used in ~370 .go files across public Github. However, it doesn't support using a NIST-recommended secret value, and given that it exists outside of the core Go packages, its long-term maintainability cannot be guaranteed.
bcrypt.GenerateFromPassword
is used across ~18.8k files, andbcrypt.CompareHashAndPassword
is used across ~16.9k files. Of these, I suspect there is a fair number of developers who would rather be using Argon2, but they instead opted for bcrypt simply because the wrappers didn't exist or because they didn't want to rely on a third-party library for cryptography.We're currently using a custom fork of
x/crypto/argon2
at my job to accomplish these goals, but I would much rather be using something from the core packages.Proposal
I propose adding three exported functions to the
x/crypto/argon2
package:Benefits
x/crypto/argon2
package[cc: @FiloSottile, we chatted about this at a high level at GothamGo on 2023-06-09]