-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Argon2[d/i/id] KDF algorithms #8939
Comments
It's not yet in an OpenSSL release, once it is we'll look at adding support. |
Awesome, I'll ping when OpenSSL 3.2 is out. :-) Would it be possible to already design the interface etc. beforehand or do you want to only start looking into this once OpenSSL eventually does an alpha/beta/final release? Should this call directly into the OpenSSL backend or towards Rust via the |
Sure, we're happy to design the interface, we're even happy to have a draft
PR, we just won't merge it until 3.2 is out.
https://github.com/pyca/cryptography/blob/main/src/rust/src/backend/kdf.rs
is where the KDF's core are implemented, and
https://github.com/pyca/cryptography/tree/main/src/cryptography/hazmat/primitives/kdf
contains the public Python APIs. We'll probably just follow this pattern
unless there's a reason not to.
…On Wed, May 17, 2023 at 11:00 AM MarkusTeufelberger < ***@***.***> wrote:
Awesome, I'll ping when OpenSSL 3.2 is out. :-)
Would it be possible to already design the interface etc. beforehand or do
you want to only start looking into this once OpenSSL eventually does an
alpha/beta/final release? Should this call directly into the OpenSSL
backend or towards Rust via the openssl crate? I just quickly looked into
scrypt and that seems to already call into Rust:
https://github.com/pyca/cryptography/blob/c1ff39ff5cb0a179cd9a8fa44dd94482487e2fa5/src/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi
—
Reply to this email directly, view it on GitHub
<#8939 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBCOEXKO4EFVHO2V3UDXGTRZLANCNFSM6AAAAAAYE4XASE>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
Now that 3.2's release is getting close we're tracking features like this in #9795 |
#2643 was unfortunately closed and limited already, So here is a new issue:
OpenSSL has finally merged Argon2 support (https://www.openssl.org/docs/manmaster/man7/EVP_KDF-ARGON2.html and openssl/openssl#12256 - openssl/openssl#4091 probably should be closed, I don't see anything missing in OpenSSL any more regarding Argon2)
Please consider adding support for Argon2 (and especially the Argon2id variant) to
cryptography
.The text was updated successfully, but these errors were encountered: