Description
---
Updates `Argon2` parameters.
Closes [issue 5139](#5139).
Motivation and Context
---
A recent [update](OWASP/CheatSheetSeries#1073) to the [OWASP recommendations](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id) for `Argon2` password-based key derivation means the codebase is out of date.
This PR updates all `Argon2` parameters to meet this standard. While there are no particularly concerning risks to users with the older standard, it's a matter of good practice to keep these updated where feasible.
Note that this PR does not introduce any kind of key migration, so this change is...
How Has This Been Tested?
---
Existing tests pass.
BREAKING CHANGE: Renders all previous `Argon2`-derived keys invalid.
The OWASP recommendations for the use of `Argon2` password-based key derivation have been updated. While there are no particularly high risks to users because of the local use of this key derivation, it's good practice to keep these parameters up to date in the codebase.