paolostivanin / OTPClient

Highly secure and easy to use OTP client written in C/GTK3 that supports both TOTP and HOTP
GNU General Public License v3.0
482 stars 47 forks source link

Switch to Argon2id #358

Closed elliotwutingfeng closed 4 months ago

elliotwutingfeng commented 8 months ago

Would you be open to switching to Argon2id over 100k iterations of PBKDF2? It would provide better protection for weaker vault passwords.

paolostivanin commented 8 months ago

Sure, I'll think about it. I need to check whether this enhancement is worth the time and effort. I may even think to make this customizable, but then it would require a DB change :thinking: No idea, let's see with what I will come up with.

paolostivanin commented 6 months ago

This change would require libgcrypt version >= 1.10.1 which cannot be found, for example, on Ubuntu <23.10 and openSUSE Leap <=15.5. If I decide to implement this change, it will have to be configurable in order to support older distros.

paolostivanin commented 5 months ago

The switch to Argon2id will happen. I have yet to figure out some minor design things, but it will likely happens before end of summer.

paolostivanin commented 5 months ago

To-Do: