Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Argon2PasswordEncoder #5354

Closed
rwinch opened this issue May 16, 2018 · 6 comments · Fixed by #7045

Comments

@rwinch
Copy link
Member

commented May 16, 2018

Summary

It would be nice to have an Argon2PasswordEncoder implementation.

We looked into using https://github.com/phxql/argon2-jvm but it is LGPL v3 which is not compatible with Apache 2.0. Instead we are going to look into using https://github.com/kosprov/jargon2-api

@rwinch rwinch added this to the 5.1.0.M2 milestone May 16, 2018

@rwinch rwinch self-assigned this May 16, 2018

@rwinch rwinch modified the milestones: 5.1.0.M2, 5.1.0.RC1 Jul 26, 2018

@WtfJoke

This comment has been minimized.

Copy link

commented Nov 27, 2018

Any news on that?

@rwinch

This comment has been minimized.

Copy link
Member Author

commented Nov 29, 2018

@WtfJoke Thanks for the bump.

I am hesitant to add a dependency on something that uses native code as I think it will be quite challenging for us to support.

Note that this is something that would be pretty easy for users to extend on their own as well.

@WtfJoke

This comment has been minimized.

Copy link

commented Nov 30, 2018

Thanks for your answer, I can understand your reasoning. So this issue is just a reminder for a future library which comes up without native code or whats the reason?

@simmac

This comment has been minimized.

Copy link
Contributor

commented Mar 25, 2019

BouncyCastle has ported Argon2 to native Java: https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/crypto/generators/Argon2BytesGenerator.java

BouncyCastle is licensed under a MIT-like license, so this should be compatible

@simmac

This comment has been minimized.

Copy link
Contributor

commented Apr 1, 2019

I'm currently working on wrapping the BouncyCastle-Generator into a Spring Security-PasswordEncoder.

If my employer gives me the right to publish this via a PR, I will do so soon (within the next few weeks) :)

simmac added a commit to kapschtrafficcom/spring-security that referenced this issue Jun 27, 2019
Add Argon2PasswordEncoder
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes spring-projectsgh-5354
@simmac

This comment has been minimized.

Copy link
Contributor

commented Jun 27, 2019

Well, this took longer than expected, but we finally managed to tackle all the organisational stuff (in future, contributions by my colleagues and me should be approved much faster)

simmac added a commit to kapschtrafficcom/spring-security that referenced this issue Jul 21, 2019
Add Argon2PasswordEncoder
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes spring-projectsgh-5354
simmac added a commit to kapschtrafficcom/spring-security that referenced this issue Jul 21, 2019
Add Argon2PasswordEncoder
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes spring-projectsgh-5354
simmac added a commit to kapschtrafficcom/spring-security that referenced this issue Jul 28, 2019
Add Argon2PasswordEncoder
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes spring-projectsgh-5354

@rwinch rwinch removed their assignment Jul 29, 2019

@rwinch rwinch self-assigned this Aug 5, 2019

@rwinch rwinch added this to the 5.2.0.RC1 milestone Aug 5, 2019

@rwinch rwinch closed this in #7045 Aug 5, 2019

rwinch added a commit that referenced this issue Aug 5, 2019
Add Argon2PasswordEncoder
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes gh-5354
kostya05983 added a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
Add Argon2PasswordEncoder
Add PasswordEncoder for the Argon2 hashing algorithm (Password Hashing
Competition (PHC) winner).
This implementation uses the BouncyCastle-implementation of Argon2.

Fixes spring-projectsgh-5354
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.