Currently the wallet uses cn_slow_hash to hash the password at generate_chacha_key to get a chacha_key that is used for the private keys encryption. Should we replace it for Argon2_id ?
Cryptonight (cn_slow_hash)
Pros
afaiw, no issues found with the encrypted files in the wallet or the encrypted keys in memory
Cons
Not tested as much as Argon2
Not used as much as Argon2
Argon2
Pros
widely used
proved secure
Cons
maybe not already available in the library
I'm in favor of replacing cn_slow_hash to Argon2 as it is one of the most recommended password hashing algorithm and it would make our library more standardized. Cryptographic arguments explaining why Argon2 is (not) safer are welcome.
Currently the wallet uses
cn_slow_hash
to hash the password at generate_chacha_key to get a chacha_key that is used for the private keys encryption. Should we replace it for Argon2_id ?Cryptonight (cn_slow_hash)
Pros
Cons
Argon2
Pros
Cons
I'm in favor of replacing cn_slow_hash to Argon2 as it is one of the most recommended password hashing algorithm and it would make our library more standardized. Cryptographic arguments explaining why Argon2 is (not) safer are welcome.