Closed mutablestate closed 7 years ago
From a long-term point of view, I'm obviously very interested in the Argon2 project, but I do not feel that bcrypt or pbkdf2 will become obsolete any time soon, and so it's not high on my list of priorities. At the moment, I'm going to find out more about it, and if I have time, I will implement it as a separate library (Elixir or Erlang), after which I can think about the viability of merging it with Comeonin.
I like your "take it slow" approach here with Argon2, but if the results are to be believed you may want to update the following line in the README: "Comeonin uses the most secure, up-to-date hashing schemes."
Maybe add a note about Argon2: "Comeonin uses the most secure, up-to-date hashing schemes (Argon2 support TBA. See https://github.com/elixircnx/comeonin/issues/65)."
I'll add a note to the README, and I'll leave this issue open so that other people can add their comments to this discussion.
I too like the "take it slow" approach. With Argon2i being so new, it's still being analyzed by those outside of the PHC group. For example, there are already small attacks against it being found: http://permalink.gmane.org/gmane.comp.security.phc/3606
Thanks for the info.
I've started work on an Elixir implementation of Argon2. It should be ready for people to try it out within a few days.
I'm going to maintain it as a separate library at the moment, and we'll see how things go.
Closing this issue in favor of giving more information in the README and main Comeonin module docs. There is also now an Argon2 page in the wiki.
Update: according to the current plans, Argon2 will be supported as an optional dependency (all the algorithms will be optional) in version 4. See the version_4 branch to see the initial work on this.
Proposal to implement Argon2 support from Comeonin.
Why? Recommended by the PHC over 23 other submissions and regarded as the successor to bcrypt.
Technical details
There are 2 variants of the algorithm, with Argon2i being more suited to password hashing.
"Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks."
"Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks."
Specifications PDF
Argon2 and Egalitarian Computing (slides)
Password Hashing Competition
Argon2 GitHub repo
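
A toy illustration of the data-independent versus data-dependent memory access described in the quoted passages above, added here as an example and not code from Argon2, Comeonin or this thread. It is not the Argon2 algorithm: the block count, the BLAKE2b-based mixing and the names `fill_memory` and `traces_match` are assumptions made for the sketch, which only shows why the access pattern of the "i" style reveals nothing about the password while the "d" style does.

```python
import hashlib

BLOCKS = 64  # toy memory size in blocks (constructed value, far below real settings)


def _h(*parts: bytes) -> bytes:
    """BLAKE2b over the concatenated parts (stand-in for the real compression function)."""
    return hashlib.blake2b(b"".join(parts)).digest()


def fill_memory(password: bytes, salt: bytes, data_dependent: bool):
    """Toy memory-hard fill.

    Returns (tag, trace). `trace` is the list of earlier-block indices read,
    i.e. what an observer of cache timing could learn about the computation.
    """
    mem = [_h(b"init0", password, salt), _h(b"init1", password, salt)]
    trace = []
    for i in range(2, BLOCKS):
        if data_dependent:
            # "d" style: the index is taken from the previous block,
            # whose content depends on the password.
            seed = mem[i - 1]
        else:
            # "i" style: the index is derived from the public position only.
            seed = _h(b"addr", i.to_bytes(4, "little"))
        ref = int.from_bytes(seed[:4], "little") % (i - 1)  # an earlier block, not i-1
        trace.append(ref)
        mem.append(_h(mem[i - 1], mem[ref]))
    return mem[-1], trace


def traces_match(pw_a: bytes, pw_b: bytes, salt: bytes, data_dependent: bool) -> bool:
    """True when two different passwords produce the same memory access pattern."""
    _, trace_a = fill_memory(pw_a, salt, data_dependent)
    _, trace_b = fill_memory(pw_b, salt, data_dependent)
    return trace_a == trace_b


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample input
    print("independent access, same trace:", traces_match(b"correct horse", b"hunter2", salt, False))
    print("dependent access, same trace:  ", traces_match(b"correct horse", b"hunter2", salt, True))
```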