providing a password hashing scheme / KDF would be nice #15
Comments
I could do this, but I'd suggest a generic KDF interface + an argon2 implementation, not scrypt.
Maybe this might help:
@janilcgarcia apparently Xavier likes https://en.wikipedia.org/wiki/PBKDF2.
PBKDF2 is the only KDF algorithm I know, just because it is widely used, but I make no claim that it is the best. For me it's hard to know which KDF (or KDFs plural if absolutely necessary) Cryptokit should support.
Apparently, Argon2 won a password hashing open competition:
@hannesm might have an opinion
So, I think we need a generic interface for those. PBKDF2 runs everywhere but everyone should be migrating towards Argon2 now. I'm afraid I'm not enough of an OCaml wizard to say what a good interface that covers the parameters for the two would be, considering Argon2's parameters are extremely different from PBKDF2's. As for other possible implementations, there are bcrypt and scrypt, but I'm not sure how relevant these are nowadays.
I am also not a crypto expert.
For example:
https://www.tarsnap.com/scrypt.html
Paper:
https://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf