Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto: support argon2 password hashing scheme #19896

Closed
aead opened this issue Apr 8, 2017 · 10 comments
Closed

x/crypto: support argon2 password hashing scheme #19896

aead opened this issue Apr 8, 2017 · 10 comments
Assignees
Milestone

Comments

@aead
Copy link
Contributor

@aead aead commented Apr 8, 2017

This is a proposal for implementing the argon2 password hashing scheme. There are different "versions" of Argon2 (Argon2i, Argon2d, Argon2id, Argon2ds). This proposal is just about general argon2 support - so should x/crypto contain an argon2 package?

I can submit an implementation but whether x/crypto should support all Argon2 versions - or a subset - requires more thinking. My personal opinion about this (if proposal accepted) is to support Argon2i and maybe Argon2d.

I open this because I've received more than one request in this regard.

@aead
Copy link
Contributor Author

@aead aead commented Apr 8, 2017

/cc @agl

@gopherbot gopherbot added this to the Unreleased milestone Apr 8, 2017
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Apr 8, 2017

The bar to putting something in x/crypto is slightly higher than an algorithm just existing. It needs to an important and/or common dependency for other things.

What needs this?

@aead
Copy link
Contributor Author

@aead aead commented Apr 8, 2017

@bradfitz
Argon2 was selected as the final PHC winner.
It's a memory-hard function designed to mitigate GPU and ASIC / FPGA password cracking attacks.

Quote from the linked pdf:

A trivial solution for password hashing is a keyed hash function such as
HMAC. If the protocol designer prefers hashing without secret keys to avoid all the problems with key generation, storage, and update, then he has few alternatives: the generic mode PBKDF2, the Blowfish-based bcrypt, and scrypt. Among those, only scrypt aims for high memory, but the existence of a trivial time-memory tradeoff [8] allows compact implementations with the same energy cost.

Conclusion: "Argon2 should be preferred over bcrypt, scrypt and PBKDF2"

It is also used as the (default) password hashing scheme in famous crypto-libraries like libsodium

As mentioned above I've received more than one request like: "Is there any chance that there will be a Go implementation of argon2" - My answer: "I'll ask the Go-Team" 😉

@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Apr 8, 2017

My response above is my default template. We get tons of requests for additions. We need to stop and ask why sometimes.

I'll defer to @agl.

@aead
Copy link
Contributor Author

@aead aead commented Apr 8, 2017

Yeah, I can imagine that - by the way thanks for your (and all the other members) effort on keeping Go clean. 😃
It's not my goal to flood/mess up /x/crypto with unused / uncommon crypto 😉

@mvdan
Copy link
Member

@mvdan mvdan commented Apr 9, 2017

Has a Go implementation been done yet? It could be prototyped as a third party package first.

@magical
Copy link
Contributor

@magical magical commented Apr 9, 2017

I have a Go implementation that i'd be happy to donate: https://github.com/magical/argon2

@aead
Copy link
Contributor Author

@aead aead commented Apr 10, 2017

@magical
First of all thanks for your offer! I've taken a quick look at your implementation. There are several things that must be fixed before, but it seems to be a good base to start from (as far as I can see it implements Argon2d?!). I've also a basic Argon2i implementation.
So let's wait for Adam's decision than there will be more information about whether and how Argon2 can be part of x/crypto

@F21
Copy link

@F21 F21 commented Jul 26, 2017

Is there any update on this one? I think having argon2 available in x/crypto would be a really good thing to have. Argon2 is the current winner of the password hashing competition.

@gopherbot
Copy link

@gopherbot gopherbot commented Dec 7, 2017

Change https://golang.org/cl/82575 mentions this issue: argon2: add new package

@golang golang locked and limited conversation to collaborators Feb 10, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.