Skip to content
This repository has been archived by the owner on Sep 20, 2023. It is now read-only.

convenience Functions for KDFs #147

Open
tauli opened this issue Mar 28, 2017 · 7 comments
Open

convenience Functions for KDFs #147

tauli opened this issue Mar 28, 2017 · 7 comments
Labels

Comments

@tauli
Copy link

tauli commented Mar 28, 2017

I'd like to see some convenience functions for the KDFs akin to the encryptPass and verifyPass from the package scrypt.

If this is something that you would like to see but don't have the time to implement yourself, i'd be happy to contribute a pull request.

@tauli tauli changed the title convenience Functions for convenience Functions for KDFs Mar 28, 2017
@tekul
Copy link
Member

tekul commented Mar 29, 2017

This would certainly make sense for argon2, since it has a standard format for the encoded hash and parameters. The BCrypt code already has high-level functions. For scrypt it's a bit trickier, as there's no standard format that I'm aware of for encoding the hash. The Haskell scrypt library has invented its own, but it would probably make more sense to be compatibile with passlib and the PHC format.

@tauli
Copy link
Author

tauli commented Mar 29, 2017

I wasn't aware that the PHC specified a format for hash storage. I agree that that should be used. No need to define something new :-)

So i think we should add some encryptStorable function to HKDF, PBKDF2 and Scrypt. I'd also think it would be neat to have a single verify function that sits in Crypto.KDF which detects the algorithm of the hash and just does the right thing. Even though BCrypt uses a slightly different format to PHC, it's easy enough to distinguish.

@tekul
Copy link
Member

tekul commented Mar 29, 2017

I'm not sure about encryptStorable. It's not really encryption. I think I would just use hashPassword/verifyPassword since that is the most common use case and people will immediately understand what is going on.

@tauli
Copy link
Author

tauli commented Mar 29, 2017

Agreed. I think I'll just implement this as soon as i find the time and send a pull request when I'm done. Probably much more productive to talk about actual code at this point.

@tekul
Copy link
Member

tekul commented Apr 9, 2017

Note that the format described in that repo is wrong. There's also a 'v' parameter in the string which is the argon2 version. Also rather confusingly, the version is entered as a base-16 parameter for the argon2 command, but is shown as base-10 in the output string.

@MaxGabriel
Copy link

@tauli Did you make any progress on this?

I looked into the argon2 side, it looks like https://github.com/P-H-C/phc-winner-argon2 recommends using argon2<v>_hash_encoded to generate the base64 encoded version that includes parameters, but I didn't find it searching the Cryptonite codebase. Is the cryptonite C code based on an older Argon2 C library or something?

@tekul
Copy link
Member

tekul commented Jul 19, 2018

@MaxGabriel I wrote some code to do this which you can use in the meantime if you wish. I will move it to cryptonite at some point when I've tidied it up and added some docs.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

4 participants