←back to thread

Evaluating Argon2 adoption and effectiveness in real-world software

(arxiv.org)
32 points pregnenolone | 4 comments | 15 Oct 25 06:29 UTC | HN request time: 0.869s | source
Show context
palantird ◴[22 Oct 25 12:10 UTC] No.45667846[source]
> ... developer education remain essential for realizing Argon2's theoretical advantages.

> 46.6% of deployments use weaker-than-OWASP parameters.

Sounds like a job for better default parameter values. I'm willing to bet most startups just install the default argon2 (or password hashing) library in their language of choice and don't jump head-first into the rabbithole of fine-tuning argon2 parameters unless a contract or certification depend on it.

replies(1): >>45668312 #
swiftcoder ◴[22 Oct 25 12:52 UTC] No.45668312[source]
The documentation on this is... uh... intimidating? I come away from this with the sense that I need to learn a whole lot about cryptography to make a good decision here:

https://argon2-cffi.readthedocs.io/en/stable/parameters.html

replies(1): >>45668409 #
luizfelberti ◴[22 Oct 25 13:00 UTC] No.45668409[source]
Do not reference these kinds of docs whenever you need practical, actionable advice. They serve their purpose, but are for a completely different kind of audience.

For anyone perusing this thread, your first resource for this kind of security advice should probably be the OWASP cheatsheets which is a living set of documents that packages current practice into direct recommendations for implementers.

Here's what it says about tuning Argon2:

https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

replies(1): >>45668582 #
tptacek ◴[22 Oct 25 13:11 UTC] No.45668582[source]
It's been a couple years since I've looked but the track record of OWASP for cryptography advice has been pretty dismal.
replies(1): >>45669052 #
linsomniac ◴[22 Oct 25 13:43 UTC] No.45669052[source]
Do you have a better recommendation?

I feel bad for OWASP. They're doing the lords work, but seem to have a shoestring budget.

replies(1): >>45671551 #
rubendev ◴[22 Oct 25 16:26 UTC] No.45671551[source]
The OWASP ASVS appendix on Cryptography is one of the best and concise resources I know for this kind of thing: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x92-Append...
replies(2): >>45671617 #>>45671781 #
tptacek ◴[22 Oct 25 16:44 UTC] No.45671781[source]
This is just a random list of links to standards and summary tables, some of which are wrong (urandom vs. random, for instance). The "A/L/D" scoring makes very little sense. CBC is legacy-allowable and CTR is disallowed; "verification of padding must be performed in constant time". For reasons passing understanding, "MAC-then-encrypt" is legacy-allowable. They've deprecated the internally truncated SHA2's and kept the full-width ones (the internally truncated ones are more, not less secure). They've taken the time to formally disallow "MD5 and SHA1 based KDF functions". There's a long list of allowed FFDH groups. AES-CMAC is a recommended general-purpose message authenticator.

This is a mess, and I would actively steer people away from it.

replies(1): >>45672111 #
1. rubendev ◴[22 Oct 25 17:07 UTC] No.45672111[source]
Yes it’s an audit checklist for when you need to know specifically what to use and with which parameters.

It’s unfortunate if there are mistakes in there. The people at OWASP would be very happy to receive feedback on their GitHub I’m sure.

replies(1): >>45672327 #
2. tptacek ◴[22 Oct 25 17:25 UTC] No.45672327[source]
It's a bad audit checklist! If OWASP volunteers can't do a good one, they should just not do one at all. It's fine for them not to cover things that are outside their expertise.
replies(1): >>45672516 #
3. rubendev ◴[22 Oct 25 17:39 UTC] No.45672516[source]
Which one would you recommend instead? Referring dev teams to NIST standards or the like doesn’t work well in my experience.
replies(1): >>45672552 #
4. tptacek ◴[22 Oct 25 17:41 UTC] No.45672552{3}[source]
There doesn't always have to be a resource. Sometimes no resource is better than a faulty one. Cryptography is one of those cases.