Closed lxp closed 5 years ago
rfjakob
commented
5 years ago Sounds reasonable, given that https://godoc.org/golang.org/x/crypto/argon2 already exists. However, I also think that we are fine with scrypt for now, so there is no rush. I wonder if it makes sense to wait for the IETF standard? OTOH, looking at https://github.com/golang/crypto/commits/master/argon2 , there don't seem to be a lot of changes. Is it at all possible that the algorithm still changes?
lxp
commented
5 years ago Looking at https://github.com/P-H-C/phc-winner-argon2/blob/master/CHANGELOG.md, it seems that in 2016 version 1.3 and the Argon2id mode was introduced. However, it seems that there were no changes to the algorithm within the last two years. The specification was last updated in the beginning of 2017: https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf The IETF draft currently says
This document corresponds to version 1.3 of the Argon2 hash function.
I do not really know how the standardization process works, but from https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/ it looks like the working group achieved a consensus and the document is awaiting review. So my guess is that the algorithm is final and there will only be changes to the wording and formatting.
rfjakob
commented
5 years ago As I'm cleaning up tickets here on github, and I don't see a need for this in the next 10 years, I'm going to close this with label "maybe some day".
It would be cool to support Argon2id as replacement for Scrypt. According to sources I read [1] [2], the default parameters we use for Scrypt seem safe (N = 2^16 = 64MiB). However, I think Argon2 can do better than Scrypt. Argon2 won the Password Hashing Competition [3] in 2015. There is also some standardization ongoing [4]. An Argon2 implementation is available as Go package [5].
[1] https://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html [2] https://www.openwall.com/lists/crypt-dev/2012/09/02/1 [3] https://password-hashing.net/ [4] https://tools.ietf.org/html/draft-irtf-cfrg-argon2-04 [5] https://godoc.org/golang.org/x/crypto/argon2