Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should we change the password hashing algorithm? #63

Open
DangerousFreedom1984 opened this issue Jan 11, 2024 · 1 comment
Open

Should we change the password hashing algorithm? #63

DangerousFreedom1984 opened this issue Jan 11, 2024 · 1 comment

Comments

@DangerousFreedom1984
Copy link

Currently the wallet uses cn_slow_hash to hash the password at generate_chacha_key to get a chacha_key that is used for the private keys encryption. Should we replace it for Argon2_id ?

Cryptonight (cn_slow_hash)

Pros

  • afaiw, no issues found with the encrypted files in the wallet or the encrypted keys in memory

Cons

  • Not tested as much as Argon2
  • Not used as much as Argon2

Argon2

Pros

  • widely used
  • proved secure

Cons

  • maybe not already available in the library

I'm in favor of replacing cn_slow_hash to Argon2 as it is one of the most recommended password hashing algorithm and it would make our library more standardized. Cryptographic arguments explaining why Argon2 is (not) safer are welcome.
@UkoeHB
Copy link

UkoeHB commented Jan 11, 2024

What is the wallet migration story for this? It sounds nice, but invites additional maintenance and development costs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@UkoeHB @DangerousFreedom1984