Add hashing support for Argon2 #1150
Comments
We can do it with https://github.com/wg/scrypt, which is even on Maven central |
This is useless. I already posted this some time ago:
Argon2 is much more secure than Scrypt and much better. Implementing scrypt would just implement an old outdated algorithm... |
Maybe, implementing some dynamic hashing solution might be the best idea. With that, I mean a solution that supports many known hashing algorithms without requiring changes in the code regarding hashing, with minimal code change (just for the initial implementation), and a little configuration property. It would be awesome if the server administrator would have the ability to configure what algorithm is used using some form of algorithm identifier string, whether that'd be a The problem is, that a single algorithm isn't ideal for all situations. Generally speaking, a hashing algorithm that takes longer (in time) to hash, is more secure against brute force attacks. However, that also means that the longer it takes to hash, the more resource expensive it is. And that for each hash calculation that needs to be done when a user enters a password through the login command. Some hashing algorithms even occupy all available CPU cores, which can cause great performance hits on servers running lots of users, or on low performance servers. I've heard that Facebook even uses dedicated hashing servers to minimize the performance impact for users that are logging in on their regular servers, although I don't know whether that is true. Giving the server administrator freedom to choose an appropriate hashing algorithm would be ideal in my honest opinion. Purely implementing something like this might be a bit overkill solely for the reason mentioned above. But, there can be a constant debate on what algorithm is best, and all users seem to like different hashing implementations. Thus, something like this would be a perfect solution. Many other bigger projects that are focused on password security implement some form of this. And of course, it provides many pros. I've seen something like this a few weeks ago, with many supported hashing algorithm adapters, although I can't remember what it was called right now. Maybe it has been mentioned before.
If a feature like this is desired, I might be able to make some free time to implement this through a PR. What does everybody think about this? |
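The configurable-algorithm idea in the comment above, sketched as an added example (not AuthMe code and not written by any commenter): each stored hash carries its own algorithm identifier and cost, so the configured algorithm can change without invalidating existing hashes, and an unknown identifier is rejected rather than replaced by a default. The identifiers, cost values and function names are assumptions; PBKDF2 and scrypt are used because both ship in Python's standard library.

```python
import base64
import hashlib
import hmac
import os

# Assumed identifiers. cost = iterations (PBKDF2) or log2(N) (scrypt).
def _pbkdf2(pw, salt, cost):
    return hashlib.pbkdf2_hmac("sha256", pw, salt, cost)

def _scrypt(pw, salt, cost):
    return hashlib.scrypt(pw, salt=salt, n=1 << cost, r=8, p=1, dklen=32)

KDFS = {"pbkdf2-sha256": _pbkdf2, "scrypt": _scrypt}
DEFAULT_COST = {"pbkdf2-sha256": 600_000, "scrypt": 14}  # assumed values

def hash_password(password, algorithm, cost=None):
    """Return '$id$cost$salt$digest' for the configured algorithm."""
    if algorithm not in KDFS:
        # Fail closed: an unknown name must not silently select another hash.
        raise ValueError(f"unsupported password hash: {algorithm!r}")
    cost = cost or DEFAULT_COST[algorithm]
    salt = os.urandom(16)  # fresh random salt per hash
    digest = KDFS[algorithm](password.encode(), salt, cost)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"${algorithm}${cost}${b64(salt)}${b64(digest)}"

def verify_password(password, stored, configured):
    """Return (ok, needs_rehash); the stored identifier selects the KDF."""
    try:
        _, algorithm, cost, salt, digest = stored.split("$")
        cost = int(cost)
        expected = base64.b64decode(digest)
        actual = KDFS[algorithm](password.encode(), base64.b64decode(salt), cost)
    except (ValueError, KeyError):
        return False, False  # malformed record or unknown identifier: reject
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    outdated = algorithm != configured or cost < DEFAULT_COST.get(configured, 0)
    # Only a successful login has the plaintext needed to re-hash.
    return ok, ok and outdated

if __name__ == "__main__":
    legacy = hash_password("constructed-sample", "pbkdf2-sha256", cost=1000)
    print(verify_password("constructed-sample", legacy, "scrypt"))
```

When `needs_rehash` is true, the caller stores `hash_password(password, configured)` in place of the old record, which migrates accounts gradually as users log in.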
@timvisee Your efforts are very welcome (and we have tons of stuff that needs work!) but I think they'd be better spent on another subject. It's generally a bad idea to mix hashing algorithms. The only legitimate reason for doing this is to hook into an existing system like a forum. There, admittedly, it needs the introduction of a new hash algorithm for it to work. Given that we sometimes use the configured hash algorithm as an indication to perform forum-specific stuff (e.g. XFBCRYPT I think is just bcrypt but it triggers additional work in the data source) I fear that we won't be able to simplify the settings that way. Bcrypt does a good job of hashing in many iterations. One improvement we can do there is in the settings. I don't think they're clear at all (on mobile, but I think one is called bcryptRoundsLog2 or similar and the comment just restates that xD) http://softwareengineering.stackexchange.com/a/214451 Of course, I'm happy to be proven otherwise ;) |
What could be interesting is hashing some password with the same algorithm multiple times: |
Bcrypt is OLD and INSECURE when you attack it with modern methods. Like stated multiple times, Bcrypt has been replaced by Scrypt, and Scrypt has been replaced by Argon2. Argon2 is the newest and currently most secure method. |
@Eyremba Is it? Is there any proof for that statement? Is it because it doesn't require much performance to brute force? The cool thing about bcrypt is that you can configure how many rounds (iterations ^2) to use while hashing, which increases the hashing time exponentially. Also, bcrypt uses a (secure) random salt for each hash, further strengthening the security. |
Wtf just google it! Argon2 is the official successor of Bcrypt and Scrypt.
And...? Argon2 can do even more. You can specify the iterations, and also the memory consumption and other things to prevent other attacks. Also, Argon2 has won the official PHC! -->
--> https://en.wikipedia.org/wiki/Argon2 It has also won against Bcrypt and Scrypt.... |
As a note with security algorithms, older does not inherently mean worse or less secure. Nor does something newer mean more secure. Older ones have been tested by time in the wild. As another note, NIST recommends PKDBF (prolly misspelled, on mobile) for a security hashing algorithm. |
@Eyremba Thank you for the quick reply. Argon2 really does seem promising! @Gnat008 That's exactly what I meant. This doesn't mean that bcrypt isn't 'secure' anymore. However, I did find some articles where it was mentioned that more efficient ways to brute force bcrypt hashes have been found. Again, this doesn't instantly render it an 'unsecure' algorithm. I must add, that if a single algorithm is used; Argon2 seems to be the best option. |
That's because they have not tested Argon2 yet, however, Argon2 has won the official Password Hashing Competition in July 2015. And just as another note, the popular password manager "KeePass" which is used by millions of people uses Argon2 too since the last version/release. |
Congratulations. Doesn't mean I'm gonna necessarily trust the latest and greatest, for exactly the reasons I gave above. Maybe it is better. But maybe it has a critical flaw that we don't know about yet because it hasn't spent too long in the wild. See what I'm getting at here? |
We implemented Argon2 ;) |
Due to devbukkit limitations we can't publish a jar containing binaries (argon2 implementation has some dlls) |
Could you please make it so that if a user wants to use Argon2, he can download the Argon2 Library here on GitHub manually and put it into the AuthMe config folder? |
@krusic22 Could you run |
I get "/usr/lib/libargon2.so: symbolic link to libargon2.so.0" |
@krusic22 You use the topic/argon2 branch? What exact error do you get in Spigot? Do you use the OpenJDK or the OracleJDK/JRE? EDIT: |
Yes. It doesn't give an error, just reverts to SHA256. OracleJDK. |
What config value is now in your passwordHash option? |
ARGON2 also tried just ARGON. |
For me it crashes if I put ARGON2 in there and don't have the library installed:
If the library is installed, it works fine. |
@games647 How to run Argon2 in windows 10? |
@mat41997 |
@Xephi any news about that? ;) |
It actually works, I've to write the wiki page T.T |
Just by the way, this here: https://github.com/andreas1327250/argon2-java is a pure Java implementation of Argon2. It could be maybe implemented into AuthMe, and it would not require any external libraries or dlls or stuff. |
That's pretty cool, I would immediately favor that over anything that requires additional steps. Looks like it still needs a little to be mature, though. Maybe I could help out a little. |
Yes. The last changes in the repo were made 5 days ago, so yes it is currently in active development. But maybe it could be used in AuthMe soon. I have tested this Argon2 version, and it seems to be pretty stable. Also, AuthMe could pull the latest version of Argon2 every time before an AuthMe release is compiled. |
- Add argon2 implementation
- Extract argon2 library check to method on Argon 2
- Add link to Wiki page on errors
- Check within Argon2Test if the test cases should be run, not in the abstract parent
Available on master branch |
Hi @Eyremba @mat41997, we'd be thankful for some feedback :) |
Confirmed by krusic22 on Discord that it works, so I close again xP Sorry |
Interesting conversation. I implemented Argon2 a while ago, but never documented it because I was unable to find enough evidence proving that the algorithm is "battle tested". I also considered a custom hashing method where multiple algorithms could be combined, but for the same reasons decided not to implement it. I am getting Déjà vu scrolling through this page. On another note, nice work guys. |
@lenis0012 Thank you man ;) |
https://github.com/AuthMe/AuthMeReloaded/blob/master/docs/hash_algorithms.md
argon2
https://github.com/p-h-c/phc-winner-argon2
table