Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto: support argon2 password hashing scheme #19896

Closed
aead opened this issue Apr 8, 2017 · 10 comments
Closed

x/crypto: support argon2 password hashing scheme #19896

aead opened this issue Apr 8, 2017 · 10 comments
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.
Milestone
Unreleased

Comments

@aead
Copy link
Contributor

aead commented Apr 8, 2017

This is a proposal for implementing the argon2 password hashing scheme. There are different "versions" of Argon2 (Argon2i, Argon2d, Argon2id, Argon2ds). This proposal is just about general argon2 support - so should x/crypto contain an argon2 package?

I can submit an implementation but whether x/crypto should support all Argon2 versions - or a subset - requires more thinking. My personal opinion about this (if proposal accepted) is to support Argon2i and maybe Argon2d.

I open this because I've received more than one request in this regard.
@aead
Copy link
Contributor Author

aead commented Apr 8, 2017

/cc @agl

@gopherbot gopherbot added this to the Unreleased milestone Apr 8, 2017
@bradfitz
Copy link
Contributor

bradfitz commented Apr 8, 2017

The bar to putting something in x/crypto is slightly higher than an algorithm just existing. It needs to an important and/or common dependency for other things.

What needs this?

@aead
Copy link
Contributor Author

aead commented Apr 8, 2017

@bradfitz
Argon2 was selected as the final PHC winner.
It's a memory-hard function designed to mitigate GPU and ASIC / FPGA password cracking attacks.

Quote from the linked pdf:

A trivial solution for password hashing is a keyed hash function such as
HMAC. If the protocol designer prefers hashing without secret keys to avoid all the problems with key generation, storage, and update, then he has few alternatives: the generic mode PBKDF2, the Blowfish-based bcrypt, and scrypt. Among those, only scrypt aims for high memory, but the existence of a trivial time-memory tradeoff [8] allows compact implementations with the same energy cost.

Conclusion: "Argon2 should be preferred over bcrypt, scrypt and PBKDF2"

It is also used as the (default) password hashing scheme in famous crypto-libraries like libsodium

As mentioned above I've received more than one request like: "Is there any chance that there will be a Go implementation of argon2" - My answer: "I'll ask the Go-Team" 😉

@bradfitz
Copy link
Contributor

bradfitz commented Apr 8, 2017

My response above is my default template. We get tons of requests for additions. We need to stop and ask why sometimes.

I'll defer to @agl.

@bradfitz bradfitz added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Apr 8, 2017
@aead
Copy link
Contributor Author

aead commented Apr 8, 2017

Yeah, I can imagine that - by the way thanks for your (and all the other members) effort on keeping Go clean. 😃
It's not my goal to flood/mess up /x/crypto with unused / uncommon crypto 😉

@mvdan
Copy link
Member

mvdan commented Apr 9, 2017

Has a Go implementation been done yet? It could be prototyped as a third party package first.

@magical
Copy link
Contributor

magical commented Apr 9, 2017

I have a Go implementation that i'd be happy to donate: https://github.com/magical/argon2

@aead
Copy link
Contributor Author

aead commented Apr 10, 2017

@magical
First of all thanks for your offer! I've taken a quick look at your implementation. There are several things that must be fixed before, but it seems to be a good base to start from (as far as I can see it implements Argon2d?!). I've also a basic Argon2i implementation.
So let's wait for Adam's decision than there will be more information about whether and how Argon2 can be part of x/crypto

@aead aead mentioned this issue Apr 12, 2017
Closed
@F21
Copy link

F21 commented Jul 26, 2017

Is there any update on this one? I think having argon2 available in x/crypto would be a really good thing to have. Argon2 is the current winner of the password hashing competition.

@ethanfrey ethanfrey mentioned this issue Sep 13, 2017
Closed
@aead aead mentioned this issue Dec 7, 2017
Closed
@gopherbot
Copy link

Change https://golang.org/cl/82575 mentions this issue: argon2: add new package

@golang golang locked and limited conversation to collaborators Feb 10, 2019
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
@agl
argon2: add new package implementing the Argon2 PBKDF family
fe642a8 
This CL adds the package argon2. The argon2 package implements
the Argon2 PBKDF family (Argon2i, Argon2d, Argon2id).

Argon2 is memory-hard key derivation function and is specified
at https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
It can be used to derive cryptographic keys with high entropy from low
entropy passwords.

Fixes golang/go#19896

Change-Id: I5b099682a8e3d7569ad18400cebddefc99a7e22f
Reviewed-on: https://go-review.googlesource.com/82575
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
@c-expert-zigbee
argon2: add new package implementing the Argon2 PBKDF family
b93cd9e 
This CL adds the package argon2. The argon2 package implements
the Argon2 PBKDF family (Argon2i, Argon2d, Argon2id).

Argon2 is memory-hard key derivation function and is specified
at https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
It can be used to derive cryptographic keys with high entropy from low
entropy passwords.

Fixes golang/go#19896

Change-Id: I5b099682a8e3d7569ad18400cebddefc99a7e22f
Reviewed-on: https://go-review.googlesource.com/82575
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
@rsc rsc unassigned agl Jun 23, 2022
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
@agl
argon2: add new package implementing the Argon2 PBKDF family
e6c8dd3 
This CL adds the package argon2. The argon2 package implements
the Argon2 PBKDF family (Argon2i, Argon2d, Argon2id).

Argon2 is memory-hard key derivation function and is specified
at https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
It can be used to derive cryptographic keys with high entropy from low
entropy passwords.

Fixes golang/go#19896

Change-Id: I5b099682a8e3d7569ad18400cebddefc99a7e22f
Reviewed-on: https://go-review.googlesource.com/82575
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
@agl
argon2: add new package implementing the Argon2 PBKDF family
fc8c18f 
This CL adds the package argon2. The argon2 package implements
the Argon2 PBKDF family (Argon2i, Argon2d, Argon2id).

Argon2 is memory-hard key derivation function and is specified
at https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
It can be used to derive cryptographic keys with high entropy from low
entropy passwords.

Fixes golang/go#19896

Change-Id: I5b099682a8e3d7569ad18400cebddefc99a7e22f
Reviewed-on: https://go-review.googlesource.com/82575
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
7 participants
@bradfitz @agl @magical @F21 @mvdan @gopherbot @aead