Go: x/crypto: support argon2 password hashing scheme

Created on 8 Apr 2017  ·  10 Comments  ·  Source: golang/go

This is a proposal for implementing the argon2 password hashing scheme. There are different "versions" of Argon2 (Argon2i, Argon2d, Argon2id, Argon2ds). This proposal is just about general argon2 support - so should x/crypto contain an argon2 package?

I can submit an implementation but whether x/crypto should support all Argon2 versions - or a subset - requires more thinking. My personal opinion about this (if proposal accepted) is to support Argon2i and maybe Argon2d.

I open this because I've received more than one request in this regard.

FrozenDueToAge NeedsDecision

All 10 comments

/cc @agl

The bar to putting something in x/crypto is slightly higher than an algorithm just existing. It needs to be an important and/or common dependency for other things.

What needs this?

@bradfitz
Argon2 was selected as the final PHC winner.
It's a memory-hard function designed to mitigate GPU and ASIC / FPGA password cracking attacks.

Quote from the linked pdf:

A trivial solution for password hashing is a keyed hash function such as HMAC. If the protocol designer prefers hashing without secret keys to avoid all the problems with key generation, storage, and update, then he has few alternatives: the generic mode PBKDF2, the Blowfish-based bcrypt, and scrypt. Among those, only scrypt aims for high memory, but the existence of a trivial time-memory tradeoff [8] allows compact implementations with the same energy cost.

Conclusion: "Argon2 should be preferred over bcrypt, scrypt and PBKDF2"

It is also used as the (default) password hashing scheme in famous crypto-libraries like libsodium

As mentioned above I've received more than one request like: "Is there any chance that there will be a Go implementation of argon2" - My answer: "I'll ask the Go-Team" :wink:

My response above is my default template. We get tons of requests for additions. We need to stop and ask why sometimes.

I'll defer to @agl.

Yeah, I can imagine that - by the way thanks for your (and all the other members') effort on keeping Go clean. :smiley:
It's not my goal to flood/mess up /x/crypto with unused / uncommon crypto :wink:

Has a Go implementation been done yet? It could be prototyped as a third party package first.

I have a Go implementation that I'd be happy to donate: https://github.com/magical/argon2

@magical
First of all thanks for your offer! I've taken a quick look at your implementation. There are several things that must be fixed before, but it seems to be a good base to start from (as far as I can see it implements Argon2d?!). I've also a basic Argon2i implementation.
So let's wait for Adam's decision, then there will be more information about whether and how Argon2 can be part of x/crypto.

Is there any update on this one? I think having argon2 available in x/crypto would be a really good thing to have. Argon2 is the current winner of the password hashing competition.

Change https://golang.org/cl/82575 mentions this issue: argon2: add new package
