crypto: add argon2() and argon2Sync() methods #50353
Conversation
|
Review requested:
|
nodejs-github-bot
added
lib / src
|
I'm curious: now that |
|
@tniessen how to handle the different parameters used by each KDF? At some point you will need separate functions to set the parameter list, but fetching the KDF and applying it can be merged. Also, what's the status on having a standard "password hash" function (like PHP) that is transparent to the user? Strong defaults, no parameters besides password, and returning encoded string. |
|
But doesnt argon2 give different results based on parallelism? If so, doesnt this mean that if somebody uses argon2 for his product he is forced to not use parallelism. Later if it is decided they want to use parallelism, it is not backwards compatible? |
@ranisalt Various cryptographic libraries do this in more or less elegant ways.
I think that's a separate discussion. As long as Node.js provides the primitives (such as Argon2), I think this can be a userland library.
@Uzlopak Yes, the result may depend upon the parallelism parameter. No, that does not mean that users cannot use parallelism. Users are responsible for choosing appropriate parallelism parameters, and parallelism can always be emulated through sequential operations. Please refer to |
Argon2 has two parallelism options, lanes and threads. Changing lanes will change the resulting hash, as it changes the underlying memory layout that is used. Changing threads, however, does not change the hash, it just allows operating in lanes (which are independent) in parallel. Usually, you want both to be the same, but it doesn't have to, as long as you have lanes >= threads. The Argon2 RFC itself doesn't even mention threads, only lanes, it's an implementation detail. @tniessen thanks for the suggestions. I think that a generic KDF function would be excellent. |
I'm sure supportive of such an API using Could even be, as we now have with |
ranisalt
force-pushed
the
crypto-argon2
branch
from
feb134d
to
f2e66e2
Compare
ranisalt
force-pushed
the
crypto-argon2
branch
from
f2e66e2
to
539ead1
Compare
|
Added parallelism support by creating a new OpenSSL context for each hash. This is needed for the async mode, otherwise there is a race condition when one job finishes and resets the thread pool size to 0 while another job is still running. |
Sorry I just noticed the mention on this. Yes, I'd be supportive of a generic API as opposed to protocol-specific APIs. |
|
Good news: OpenSSL 3.2 has finally been released Bad news: there are incompatibilities with quictls' fork that won't be solved so soon. |
|
@nodejs/crypto does anyone know if this has moved forward in any way? As far as I've seen there is a PR that's being reviewed for a while, but I don't have any other details. |
|
This is still blocked while we wait for an LTS release of OpenSSL that contains the new APIs. |
|
OpenSSL has been launching LTS releases roughly every 3 years (2015, 2018, 2021) so it may be out soon, hopefully I'm gonna rebase this PR soon |
Argon2 is a password-based key derivation function that is designed to expensive both computationally and memory-wise in order to make force attacks unrewarding.
OpenSSL added support for the Argon2 algorithm in the 3.2.0 (see openssl/openssl#12256). Add a js API modeled after crypto.scrypt() and crypto.scryptSync().
Related work:
Caveats:
OpenSSL v3.2.0 has not yet been released, so this is preliminary work based on the latest beta release (beta1 as of opening this pull request).To test this pull request, you must have OpenSSL 3.2 or later installed. Run./configurewith the following flags:--shared-openssl --shared-openssl-libpath /usr/lib/openssl-3.2/ --shared-openssl-includes /usr/include/openssl-3.2(adjust accordingly)It was not possible to enable passing the number of threads to the OpenSSL functions, Node.js hangs if you fire more than one async job at once. For now, it will run single threaded, which affects performance but results in the same hashes, so adding support later should be transparent to the user.solved