← Back to context

Comment by d-z-m

2 years ago

For your KDF, how did you select the parameters for Argon2id? How often is the KDF invoked / what are your requirements for speed in KDF'ing?

Nit, but your "pepper" is confusingly named IMO, because it is hardcoded and not secret. "label" may make more sense.

However, one thing to keep in mind with the use of a static(and public) Argon2 salt is that it allows an attacker to pre-compute keys. If this package were to gain adoption, I think that may become a bigger issue. I would reccommend randomly generating a 128 bit salt, similar to how you're randomly generating the key if one isn't provided.

9 comments

d-z-m

Reply
ncruces  2 years ago

I used the parameters suggested in the documentation [1], which follow the RFC.

The KDF is invoked every time a connection is opened iff you specify your key with the textkey= parameter. It is ill advised to overuse this, especially if you don't use connection pooling, as it makes opening connections slow. You can bypass the KDF by providing your own 256-bit key using either the hexkey= or key= parameters (key= cannot embed NULLs).

I agree pepper confusing (because the pepper is supposedly secret), but this is not a salt either, as a salt is supposed to be public, but unique. Do you have better naming that you can suggest?

Anyway, I forgot to do this, but the intention was for the pepper to be changeable as a build parameter. Thanks for reminding me!

[1] https://pkg.go.dev/golang.org/x/crypto/argon2#IDKey

  • d-z-m  2 years ago

    > I used the parameters suggested in the documentation [1], which follow the RFC

    Where in the RFC is your parameter set mentioned? I don't see it anywhere[0]. The only parameter set I see mentioned with memory requirement as low as 64 MiB have t=3, not t=1. I believe the Go documentation might be outdated.

    [0]: https://datatracker.ietf.org/doc/rfc9106/

    > I agree pepper confusing (because the pepper is supposedly secret), but this is not a salt either, as a salt is supposed to be public, but unique. Do you have better naming that you can suggest?

    If it's tweakable at build, perhaps pepper makes more sense.