While the current implementation using PBKDF2 is good for the current threat model, argon2 is more resistant towards GPU brute forcing attacks. Argon2 could thus increase security of encrypted pages.
However, since my use cases are well served by PBKDF2 hashing, this is not a top priority for me at the moment. If someone wants this to be implemented, you're welcome to submit a PR and we can work from there.
One question to think about is whether we should switch to argon2 for all hashing, or allow users to choose if they want to use PBKDF2 or argon2. Perhaps we could use different decryption templates (including different scripts) for the different hashing algorithms. This would add complexity, but could be useful for users who are OK with PBKDF2 and don't need argon2.
To implement this, these libraries might be useful:
Browser: https://github.com/antelle/argon2-browser
Node.js: https://github.com/ranisalt/node-argon2
Deno: Not sure, but since https://github.com/antelle/argon2-browser supports WASM, it might be able to run in Deno and similar environments.
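One way to let a single decryption script serve both algorithms, shown as an added example and not the project's code: the encrypted page records which KDF and parameters protected it, and decryption dispatches on that header. The header layout, the function names, the AES-256-GCM cipher and the 600,000-iteration floor are all assumptions made for this sketch.

```javascript
const crypto = require("node:crypto");

// Assumed policy floor for PBKDF2-HMAC-SHA256; not a value taken from the project.
const MIN_PBKDF2_ITERATIONS = 600000;

// KDF name -> implementation. Argon2 would be registered the same way, backed by
// one of the libraries linked in the issue (not bundled with Node, so not shown).
const KDFS = new Map();
function registerKdf(name, impl) {
  KDFS.set(name, impl);
}

registerKdf("pbkdf2", {
  validate(p) {
    if (p.hash !== "sha256" || !Number.isInteger(p.iterations) || p.iterations < MIN_PBKDF2_ITERATIONS) {
      throw new Error("pbkdf2 parameters below policy");
    }
  },
  derive: (password, salt, p) => crypto.pbkdf2Sync(password, salt, p.iterations, 32, p.hash),
});

// Look up the KDF named in the page header; unknown names and weak parameters are rejected.
function deriveKey(password, header) {
  const impl = KDFS.get(header.kdf);
  if (!impl) throw new Error(`unsupported kdf: ${header.kdf}`);
  impl.validate(header.params);
  return impl.derive(password, Buffer.from(header.salt, "hex"), header.params);
}

function encryptPage(plaintext, password, kdf, params) {
  const header = JSON.stringify({ v: 1, kdf, params, salt: crypto.randomBytes(16).toString("hex") });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, JSON.parse(header)), iv);
  cipher.setAAD(Buffer.from(header)); // header is authenticated along with the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { header, iv: iv.toString("hex"), ct: ct.toString("hex"), tag: cipher.getAuthTag().toString("hex") };
}

function decryptPage(page, password) {
  const key = deriveKey(password, JSON.parse(page.header));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(page.iv, "hex"));
  decipher.setAAD(Buffer.from(page.header));
  decipher.setAuthTag(Buffer.from(page.tag, "hex"));
  // final() throws if the password is wrong or header/ciphertext were modified.
  return Buffer.concat([decipher.update(Buffer.from(page.ct, "hex")), decipher.final()]).toString("utf8");
}
```

Because the header travels with the page and is authenticated, existing PBKDF2 pages keep decrypting after an Argon2 entry is registered, and a page naming a KDF the script does not know fails closed.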