Evaluating Argon2 adoption and effectiveness in real-world software

(arxiv.org)

32 points pregnenolone | 3 comments | 15 Oct 25 06:29 UTC | HN request time: 0s | source

Show context

palantird ◴[22 Oct 25 12:10 UTC] No.45667846[source]▶

> ... developer education remain essential for realizing Argon2's theoretical advantages.

> 46.6% of deployments use weaker-than-OWASP parameters.

Sounds like a job for better default parameter values. I'm willing to bet most startups just install the default argon2 (or password hashing) library in their language of choice and don't jump head-first into the rabbithole of fine-tuning argon2 parameters unless a contract or certification depend on it.

replies(1): >>45668312 #

swiftcoder ◴[22 Oct 25 12:52 UTC] No.45668312[source]▶

>>45667846 #

The documentation on this is... uh... intimidating? I come away from this with the sense that I need to learn a whole lot about cryptography to make a good decision here:

https://argon2-cffi.readthedocs.io/en/stable/parameters.html

replies(1): >>45668409 #

luizfelberti ◴[22 Oct 25 13:00 UTC] No.45668409[source]▶

>>45668312 #

Do not reference these kinds of docs whenever you need practical, actionable advice. They serve their purpose, but are for a completely different kind of audience.

For anyone perusing this thread, your first resource for this kind of security advice should probably be the OWASP cheatsheets which is a living set of documents that packages current practice into direct recommendations for implementers.

Here's what it says about tuning Argon2:

https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

replies(1): >>45668582 #

tptacek ◴[22 Oct 25 13:11 UTC] No.45668582[source]▶

>>45668409 #

It's been a couple years since I've looked but the track record of OWASP for cryptography advice has been pretty dismal.

replies(1): >>45669052 #

linsomniac ◴[22 Oct 25 13:43 UTC] No.45669052[source]▶

>>45668582 #

Do you have a better recommendation?

I feel bad for OWASP. They're doing the lords work, but seem to have a shoestring budget.

replies(1): >>45671551 #

rubendev ◴[22 Oct 25 16:26 UTC] No.45671551[source]▶

>>45669052 #

The OWASP ASVS appendix on Cryptography is one of the best and concise resources I know for this kind of thing: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x92-Append...

replies(2): >>45671617 #>>45671781 #

akerl_ ◴[22 Oct 25 16:30 UTC] No.45671617[source]▶

>>45671551 #

I’d wager that something like 90% of developers who look at that page should close the tab instead of reading any of it.

If you’re building a system and need crypto… pick the canonical library for the ecosystem or language you’re working in. Don’t try to build your own collection of primitives.

replies(2): >>45671740 #>>45674244 #

rubendev ◴[22 Oct 25 16:42 UTC] No.45671740{6}[source]▶

>>45671617 #

Yes I fully agree. I’m a big fan of libraries like Google Tink that make you pick a use case and use the best implementation for that use case with built in crypto agility.

Most crypto libraries are not built like that however. They just give you a big pile of primitives/algorithms to choose from. Then frameworks get built on top of that, not always taking into account best practices, and leave people that are serious about security the job of making sure the implementation is secure. This is the point where you need something like ASVS.

replies(1): >>45671828 #

1. akerl_ ◴[22 Oct 25 16:47 UTC] No.45671828{7}[source]▶

>>45671740 #

What language today still doesn't have a de facto simplified toolbox for wrapping crypto operations?

If you're a developer, and you start trying to perform crypto operations for your service and the library you chose is making you question which cipher, what KDF parameters, or what DH group you want, that is 100% a red flag and you should promptly stop using that crypto library.

replies(1): >>45672025 #

2. rubendev ◴[22 Oct 25 17:01 UTC] No.45672025[source]▶

>>45671828 (TP) #

Can you give some examples of such commonly used libraries for languages like Java / C# / C++?

In my experience there are not many libraries like Google Tink around, and they are not in widespread use at all. Most applications doing encryption manually for specific purposes still have the words AES, CBC, GCM, IV etc hardcoded in their source code.

If you review such code, it’s still useful to have resources that show industry best practices, but I agree that the gold standard is to not have these details in your own code at all.

replies(1): >>45672237 #

3. akerl_ ◴[22 Oct 25 17:18 UTC] No.45672237[source]▶

>>45672025 #

I'd probably look at https://libsodium.gitbook.io/doc/bindings_for_other_language... or https://nacl.cr.yp.to/box.html

↑