Replies: 1 comment 7 replies
-
|
A way better approach is to encrypt the hashes. By doing so, the secret key can be changed without requiring the plaintext password to be known and rehash everything. The authentication tag will also protect the parameters from being changed. |
Beta Was this translation helpful? Give feedback.
-
|
@jedisct1 I noticed that libhydrogen does as you suggest for password hashing. However for key derivation, it seems to do as I was asking https://github.com/jedisct1/libhydrogen/blob/master/impl/pwhash.h#L73 as the Wouldn't it be nice to have the same option in libsodium? |
Beta Was this translation helpful? Give feedback.
-
|
This is unlikely, but you can achieve the same thing by using |
Beta Was this translation helpful? Give feedback.
-
|
Indeed. A benefit of using Argon2 built-in mechanism would have been, possibly, easier compatibility with other implementations (admittedly it's more of a theoretical use case for me), and to make it easier to explain what I do ("I use Argon2 with options" vs "I use Argon2+libsodium generichash"). Not a big deal anyway. Thanks again for your availability! |
Beta Was this translation helpful? Give feedback.
-
|
@jedisct1 Sorry to bother you, and feel free to ignore me if I'm abusing of your time. What's your opinion on
versus
I have the feeling it's more or less the same, but I don't know if you see any reason to prefer one over the other? |
Beta Was this translation helpful? Give feedback.
-
|
@forty The first is more common, but either is fine. You could also use |
Beta Was this translation helpful? Give feedback.
-
In some situations it's nice to be able to add a high entropy secret to a password for key derivation (see for example this use case https://infosec.exchange/@sc00bz/109684199071308560)
It turns out Argon2 support this natively via the Secret (K) input. It would be nice to surface this possibility in the pwhash public API.
What do you think?
Beta Was this translation helpful? Give feedback.
All reactions