providing a password hashing scheme / KDF would be nice #15

Open
UnixJunkie opened this issue May 13, 2019 · 8 comments

@UnixJunkie
Contributor

For example:
https://www.tarsnap.com/scrypt.html

Paper:
https://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf

@janilcgarcia

I could do this, but I'd suggest a generic KDF interface + an argon2 implementation, not scrypt.
@xavierleroy is it OK to dynamically link against the argon2 reference implementation?

@UnixJunkie
Contributor Author

Maybe this might help:
https://github.com/Khady/ocaml-argon2

@UnixJunkie
Contributor Author

@janilcgarcia apparently Xavier likes https://en.wikipedia.org/wiki/PBKDF2.
I don't know if this is the one that won the password hashing competition though.

@xavierleroy
Owner

PBKDF2 is the only KDF algorithm I know, just because it is widely used, but I make no claim that it is the best. For me it's hard to know which KDF (or KDFs plural if absolutely necessary) Cryptokit should support.

@UnixJunkie
Contributor Author

Apparently, Argon2 won a password hashing open competition:
https://password-hashing.net/

@UnixJunkie
Contributor Author

@hannesm might have an opinion

@janilcgarcia

janilcgarcia commented Jun 22, 2020

So, I think we need a generic interface for those. PBKDF2 runs everywhere but everyone should be migrating towards Argon2 now.

I'm afraid I'm not enough of an OCaml wizard to say what a good interface that covers the parameters for the two would be, considering Argon2's parameters are extremely different from PBKDF2's.
If you guys need the parameters for both of them, PBKDF2 needs a MAC function and the number of iterations. Argon2 needs the variant to use (i, d or id), the memory cost (in KiB), time cost (in number of iterations) and parallelism.

As for other possible implementations, there are bcrypt and scrypt, but I'm not sure how relevant these are nowadays.
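
One way to shape the generic interface discussed above, as an added example that is not part of the thread and not Cryptokit code: a single `derive` entry point with one parameter record per algorithm, plus a stored record that carries the parameters so verification can re-derive. It is written in Python rather than OCaml and covers PBKDF2 and scrypt because both are in Python's `hashlib`; an Argon2 record (variant, memory cost, time cost, parallelism) would be a third case. All type and function names are hypothetical.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass(frozen=True)
class Pbkdf2Params:
    mac_hash: str      # hash used inside HMAC, e.g. "sha256"
    iterations: int

@dataclass(frozen=True)
class ScryptParams:
    n: int             # CPU/memory cost, a power of two
    r: int             # block size
    p: int             # parallelism

def derive(params, password, salt, length=32):
    # The type of the parameter record selects the algorithm.
    if isinstance(params, Pbkdf2Params):
        return hashlib.pbkdf2_hmac(params.mac_hash, password, salt,
                                   params.iterations, length)
    if isinstance(params, ScryptParams):
        return hashlib.scrypt(password, salt=salt, n=params.n, r=params.r,
                              p=params.p, dklen=length)
    raise TypeError(f"unsupported KDF parameters: {params!r}")

def encode(params, salt, key):
    # Keep algorithm, parameters, salt and key together in one string.
    if isinstance(params, Pbkdf2Params):
        head = f"pbkdf2${params.mac_hash}${params.iterations}"
    else:
        head = f"scrypt${params.n}${params.r}${params.p}"
    return f"{head}${salt.hex()}${key.hex()}"

def decode(record):
    algo, *fields = record.split("$")
    salt, key = bytes.fromhex(fields[-2]), bytes.fromhex(fields[-1])
    if algo == "pbkdf2":
        return Pbkdf2Params(fields[0], int(fields[1])), salt, key
    if algo == "scrypt":
        return ScryptParams(*map(int, fields[:3])), salt, key
    raise ValueError(f"unknown KDF: {algo}")

def hash_password(params, password):
    salt = os.urandom(16)  # fresh random salt per password
    return encode(params, salt, derive(params, password, salt))

def verify(record, password):
    params, salt, key = decode(record)
    # Constant-time comparison of the re-derived key with the stored one.
    return hmac.compare_digest(derive(params, password, salt, len(key)), key)
```

Because the parameters travel with each stored record, old records keep verifying after the default algorithm or cost settings are changed.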

@UnixJunkie
Contributor Author

UnixJunkie commented Jun 23, 2020

I am also not a crypto expert.
I have read good things about scrypt in the past:
https://www.tarsnap.com/scrypt.html
"We estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2."
