kmaragon / Konscious.Security.Cryptography

MIT License

Argon2 specification version #19

Closed bchurchill closed 6 years ago

bchurchill commented 6 years ago

Version 1.2.1 of the Argon2i algorithm was found to be vulnerable to an attack described in

H. Corrigan-Gibbs, D. Boneh, and S. E. Schechter, “Balloon hashing: Provably space-hard hash functions with data-independent access patterns,” IACR Cryptology ePrint Archive, vol. 2016, p. 27, 2016.

and the authors have created an updated version 1.3 which fixes the issue (as described in section 5.2 of their design spec https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf). Do you think you could document which version this library implements?

kmaragon commented 6 years ago

Thank you for pointing this out. The dates are such that it should be 1.3. But I don't remember for sure. I obviously need to do a better job tracking that in general. If I'm wrong, I'll have an update in short order to use the new spec. But I'll get some updates in to make sure that's true.

kmaragon commented 6 years ago

I was finally able to confirm that out of the sheer luck of my timing, this is in fact 1.3... I guess the XorLanes implementation should have made that obvious for me but I wanted to make sure. I updated the Description in the Argon2 csproj as much. Unfortunately, I still haven't had the time to get Argon2id implemented though. That'll take more than a single all-nighter. I'll close this issue now that I updated the description.
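Two checks that follow from the discussion above, as an added example that is not part of this issue or of the Konscious.Security.Cryptography code: first, reading the version field out of a PHC-encoded Argon2 string (the reference implementation writes `v=19`, i.e. 0x13, for spec 1.3, and treats a string with no `v=` field as 0x10, the pre-1.3 layout); second, a deliberately simplified single-lane model of the memory-filling loop that isolates the one change section 5.2 of the spec introduced in 1.3, namely that in the second and later passes the freshly computed block is XORed into the block it replaces rather than overwriting it. The mixing function `_g`, the reference-index rule, the block width and the sample encoded strings are all constructed stand-ins for illustration, not the real Argon2 compression function or real hashes.

```python
import hashlib
from typing import List

# Version numbers as written into H0 and into PHC-encoded strings by the
# reference implementation.
ARGON2_VERSION_10 = 0x10  # 16: Argon2 1.0 / 1.2.1; encoded strings carry no "v=" field
ARGON2_VERSION_13 = 0x13  # 19: Argon2 1.3; encoded strings carry "v=19"


def encoded_version(encoded: str) -> int:
    """Return the Argon2 version declared by a PHC-encoded hash string.

    Layout (1.3): $argon2i$v=19$m=65536,t=2,p=1$<salt-b64>$<hash-b64>
    A string without a v= field predates 1.3 and decodes as version 0x10.
    """
    parts = encoded.split("$")
    if len(parts) < 5 or parts[0] != "" or not parts[1].startswith("argon2"):
        raise ValueError("not a PHC-encoded Argon2 string")
    if parts[2].startswith("v="):
        return int(parts[2][2:])
    return ARGON2_VERSION_10


def version_label(version: int) -> str:
    """Human-readable label for a numeric Argon2 version."""
    if version == ARGON2_VERSION_13:
        return "1.3"
    if version == ARGON2_VERSION_10:
        return "1.0 (pre-1.3)"
    return "unknown"


def _g(a: int, b: int) -> int:
    # Toy stand-in for Argon2's compression function G (assumption: NOT the real G).
    # 64-bit "blocks" keep the model small; real Argon2 blocks are 1024 bytes.
    h = hashlib.blake2b(a.to_bytes(8, "big") + b.to_bytes(8, "big"), digest_size=8)
    return int.from_bytes(h.digest(), "big")


def _ref_index(pass_no: int, i: int, m: int) -> int:
    # Data-independent reference block, Argon2i-style: depends only on position.
    # Pass 0 may only reference earlier blocks; later passes may reference any
    # block except the one being recomputed. (Constructed rule, not the spec's.)
    h = hashlib.blake2b(pass_no.to_bytes(4, "big") + i.to_bytes(4, "big"), digest_size=4)
    r = int.from_bytes(h.digest(), "big")
    if pass_no == 0:
        return r % i
    return (i + 1 + r % (m - 1)) % m


def toy_fill(seed: int, m: int, t: int, version: int) -> List[int]:
    """Single-lane memory fill over m toy blocks and t passes.

    The only version-dependent line is the XOR in passes >= 1: 1.2.1 overwrites
    the old block, 1.3 XORs the new value into it, so the old contents cannot be
    discarded by an attacker trying to recompute with less memory.
    """
    if m < 3 or t < 1:
        raise ValueError("need at least 3 blocks and 1 pass")
    blocks = [0] * m
    blocks[0] = _g(seed, 0)
    blocks[1] = _g(seed, 1)
    for pass_no in range(t):
        start = 2 if pass_no == 0 else 0
        for i in range(start, m):
            prev = blocks[(i - 1) % m]
            ref = blocks[_ref_index(pass_no, i, m)]
            new = _g(prev, ref)
            if pass_no > 0 and version == ARGON2_VERSION_13:
                new ^= blocks[i]  # the 1.3 change: XOR instead of overwrite
            blocks[i] = new
    return blocks


if __name__ == "__main__":
    # Constructed sample strings; the salt/hash fields are placeholders.
    for s in ("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$AAAAAAAAAAAAAAAAAAAAAA",
              "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ$AAAAAAAAAAAAAAAAAAAAAA"):
        print(s.split("$")[2], "->", version_label(encoded_version(s)))
    one_pass_same = toy_fill(7, 16, 1, ARGON2_VERSION_10) == toy_fill(7, 16, 1, ARGON2_VERSION_13)
    two_pass_same = toy_fill(7, 16, 2, ARGON2_VERSION_10) == toy_fill(7, 16, 2, ARGON2_VERSION_13)
    print("t=1 identical across versions:", one_pass_same)
    print("t=2 identical across versions:", two_pass_same)
```

With a single pass the two versions produce identical memory, which is why the version question only bites for `t >= 2`; from the second pass on, the XOR makes every block depend on its previous contents. When auditing stored hashes, the absence of a `v=` field is the quickest sign that they were produced under the pre-1.3 layout.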