←back to thread

Evaluating Argon2 adoption and effectiveness in real-world software

(arxiv.org)
32 points pregnenolone | 3 comments | 15 Oct 25 06:29 UTC | HN request time: 0s | source
Show context
palantird ◴[22 Oct 25 12:10 UTC] No.45667846[source]
> ... developer education remain essential for realizing Argon2's theoretical advantages.

> 46.6% of deployments use weaker-than-OWASP parameters.

Sounds like a job for better default parameter values. I'm willing to bet most startups just install the default argon2 (or password hashing) library in their language of choice and don't jump head-first into the rabbithole of fine-tuning argon2 parameters unless a contract or certification depend on it.

replies(1): >>45668312 #
swiftcoder ◴[22 Oct 25 12:52 UTC] No.45668312[source]
The documentation on this is... uh... intimidating? I come away from this with the sense that I need to learn a whole lot about cryptography to make a good decision here:

https://argon2-cffi.readthedocs.io/en/stable/parameters.html

replies(1): >>45668409 #
luizfelberti ◴[22 Oct 25 13:00 UTC] No.45668409[source]
Do not reference these kinds of docs whenever you need practical, actionable advice. They serve their purpose, but are for a completely different kind of audience.

For anyone perusing this thread, your first resource for this kind of security advice should probably be the OWASP cheatsheets which is a living set of documents that packages current practice into direct recommendations for implementers.

Here's what it says about tuning Argon2:

https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

replies(1): >>45668582 #
tptacek ◴[22 Oct 25 13:11 UTC] No.45668582[source]
It's been a couple years since I've looked but the track record of OWASP for cryptography advice has been pretty dismal.
replies(1): >>45669052 #
linsomniac ◴[22 Oct 25 13:43 UTC] No.45669052[source]
Do you have a better recommendation?

I feel bad for OWASP. They're doing the lords work, but seem to have a shoestring budget.

replies(1): >>45671551 #
rubendev ◴[22 Oct 25 16:26 UTC] No.45671551[source]
The OWASP ASVS appendix on Cryptography is one of the best and concise resources I know for this kind of thing: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x92-Append...
replies(2): >>45671617 #>>45671781 #
akerl_ ◴[22 Oct 25 16:30 UTC] No.45671617[source]
I’d wager that something like 90% of developers who look at that page should close the tab instead of reading any of it.

If you’re building a system and need crypto… pick the canonical library for the ecosystem or language you’re working in. Don’t try to build your own collection of primitives.

replies(2): >>45671740 #>>45674244 #
1. rubendev ◴[22 Oct 25 19:49 UTC] No.45674244{3}[source]
Also, I gave the link to the appendix because there was a specific question about Argon2 parameters. For general developer audiences, they need to look at the standard itself which is a lot more high level about how to properly implement cryptography in software: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x20-V11-Cr...

For the most common use-cases of cryptography like authentication and secure communication there is more specific, but still high level guidance that is useful for developers as well:

- https://github.com/OWASP/ASVS/blob/master/5.0/en/0x21-V12-Se...

- https://github.com/OWASP/ASVS/blob/master/5.0/en/0x18-V9-Sel...

- https://github.com/OWASP/ASVS/blob/master/5.0/en/0x15-V6-Aut...

replies(1): >>45686404 #
2. tptacek ◴[23 Oct 25 20:08 UTC] No.45686404[source]
This standard is bad. People should avoid it. For example: 11.2.2 (cryptographic agility) is an anti-pattern in modern cryptographic engineering.
replies(1): >>45697042 #
3. rubendev ◴[24 Oct 25 17:35 UTC] No.45697042[source]
Please elaborate why you believe that? The ability to easily rotate encryption keys is considered an anti pattern?