-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: add argon2() and argon2Sync() methods #50353
base: main
Are you sure you want to change the base?
Conversation
Review requested:
|
I'm curious: now that |
@tniessen how to handle the different parameters used by each KDF? At some point you will need separate functions to set the parameter list, but fetching the KDF and applying it can be merged. Also, what's the status on having a standard "password hash" function (like PHP) that is transparent to the user? Strong defaults, no parameters besides password, and returning encoded string. |
But doesnt argon2 give different results based on parallelism? If so, doesnt this mean that if somebody uses argon2 for his product he is forced to not use parallelism. Later if it is decided they want to use parallelism, it is not backwards compatible? |
@ranisalt Various cryptographic libraries do this in more or less elegant ways.
I think that's a separate discussion. As long as Node.js provides the primitives (such as Argon2), I think this can be a userland library.
@Uzlopak Yes, the result may depend upon the parallelism parameter. No, that does not mean that users cannot use parallelism. Users are responsible for choosing appropriate parallelism parameters, and parallelism can always be emulated through sequential operations. Please refer to |
Argon2 has two parallelism options, lanes and threads. Changing lanes will change the resulting hash, as it changes the underlying memory layout that is used. Changing threads, however, does not change the hash, it just allows operating in lanes (which are independent) in parallel. Usually, you want both to be the same, but it doesn't have to, as long as you have lanes >= threads. The Argon2 RFC itself doesn't even mention threads, only lanes, it's an implementation detail. @tniessen thanks for the suggestions. I think that a generic KDF function would be excellent. |
I'm sure supportive of such an API using Could even be, as we now have with |
feb134d
to
f2e66e2
Compare
f2e66e2
to
539ead1
Compare
Added parallelism support by creating a new OpenSSL context for each hash. This is needed for the async mode, otherwise there is a race condition when one job finishes and resets the thread pool size to 0 while another job is still running. |
Sorry I just noticed the mention on this. Yes, I'd be supportive of a generic API as opposed to protocol-specific APIs. |
Good news: OpenSSL 3.2 has finally been released Bad news: there are incompatibilities with quictls' fork that won't be solved so soon. |
@nodejs/crypto does anyone know if this has moved forward in any way? As far as I've seen there is a PR that's being reviewed for a while, but I don't have any other details. |
This is still blocked while we wait for an LTS release of OpenSSL that contains the new APIs. |
OpenSSL has been launching LTS releases roughly every 3 years (2015, 2018, 2021) so it may be out soon, hopefully I'm gonna rebase this PR soon |
FWIW I've now added testing Node.js against OpenSSL 3.2 to our Jenkins CI: ubuntu2204_sharedlibs_openssl32_x64 (as part of node-test-commit-linux-containered). For Node.js, the position hasn't changed -- we'll continue to bundle OpenSSL 3.0 as it is LTS and will review when OpenSSL announce what the next LTS version of OpenSSL will be. The new additional testing will at least allow early detection of potential issues for people building Node.js from source against external OpenSSL (e.g. downstream Linux distributions). |
What's the status of this PR? It should be able to get merged now, right? |
Argon2 is a password-based key derivation function that is designed to expensive both computationally and memory-wise in order to make force attacks unrewarding.
OpenSSL added support for the Argon2 algorithm in the 3.2.0 (see openssl/openssl#12256). Add a js API modeled after crypto.scrypt() and crypto.scryptSync().
Related work:
Caveats:
OpenSSL v3.2.0 has not yet been released, so this is preliminary work based on the latest beta release (beta1 as of opening this pull request).To test this pull request, you must have OpenSSL 3.2 or later installed. Run./configure
with the following flags:--shared-openssl --shared-openssl-libpath /usr/lib/openssl-3.2/ --shared-openssl-includes /usr/include/openssl-3.2
(adjust accordingly)It was not possible to enable passing the number of threads to the OpenSSL functions, Node.js hangs if you fire more than one async job at once. For now, it will run single threaded, which affects performance but results in the same hashes, so adding support later should be transparent to the user.solved