I may not understand the security implications here properly, but as far as I can tell there isn't a strong enough case that Argon2 is fundamentally better than PBKDF2 yet? At least no more than people's arguments that BCrypt is better. I think retaining the simple out of the box experience where you get good, performant enough password hashing is important. I'd say 1.3 seconds is fundamentally *not* fast enough. If someone upgrades their site to Django 1.10 without noticing the change and we force this upgrade the suddenly every user's login to the site costs 1.3 seconds - that's an enormous amount of server load.
M On 29 January 2016 at 10:01, Bas Westerbaan <b...@westerbaan.name> wrote: > Hi all, > > The PR[1] that adds Argon2 as a PasswordHasher is ready to be merged. It > does not make Argon2 the default. The reasons not to make it the default > are: > > 1. Argon2 is young. (Its design, though, is uncontroversial.) > 2. Argon2 requires C-bindings and thus does not work on every platform > Django wants to support. > > I like to discuss how to take away the last concern. > > We could make Argon2 the default on a system if the C-bindings are > available and otherwise fallback to PBKDF2.[2] The problem is that it > might happen that switching servers Argon2 might become unavailable and so > users might not be able to log-in anymore. To solve this, I wrote a pure > Python implementation of Argon2.[3] It it quite a bit slower[4] than the > C-version and so I suggest to only use it to switch to another > PasswordHasher if the C-version of Argon2 isn’t available anymore.[5] > > What do you think? > > Best, > > Bas > > > --- > [1] https://github.com/django/django/pull/5876 > [2] Maybe add an `should_be_used’ field to the class and skip > PasswordHasher’s for which this is False. > [3] https://github.com/bwesterb/argon2pure > [4] The Argon2 hash in the PR takes ~5ms in C and ~1.3s in Python. Having > to wait 1.3s once per user to change to another PasswordHasher is, I guess, > acceptable. (There is still a lot of room for optimisation. Maybe it > could go down to ~100ms, but probably not any more.) > [5] Maybe add an `can_be_used’ field to PasswordHasher to indicate that > even though it should not be used as default, it can still verify. > > On 03 Jan 2016, at 14:52, Bas Westerbaan <b...@westerbaan.name> wrote: > > Hynek weighted in[1]. I think the PR is ready to merge. > > Best wishes, > > Bas > > > [1] https://github.com/django/django/pull/5876#issuecomment-168411156 > > On 27 Dec 2015, at 13:39, Florian Apolloner <f.apollo...@gmail.com> wrote: > > I do not see anything wrong in the PR and there is probably no reason not > to include it. It would be great if you could get feedback from dstufft > and/or hynek in #cryptography-dev -- not that we miss something. > > Cheers, > Florian > > On Sunday, December 27, 2015 at 12:36:02 AM UTC+1, Bas Westerbaan wrote: >> >> Hello, >> >> This morning I submitted a Pull Request[1], which adds a PasswordHasher >> for argon2 – the winner of the Password Hashing Competition.[2] Tim Graham >> mentioned I should send an e-mail to this list to discuss it. >> >> The patch is mostly pretty straight-forward. I would like to add a few >> remarks on some of the choices. >> >> 1. There are two Python packages that implement argon2. Both bind >> libargon2[3]. The first is argon2_py[4], which uses ctypes. The second is >> argon2-cffi[5], which uses... cffi. Bindings using cffi are more portable, >> so I choose argon2-cffi. >> >> 2. argon2 has four parameters: (i) variety ("type"), (ii) time cost >> ("t"), (iii) memory cost ("m") and (iv) parallelism ("p"). There are two >> varieties: argon2i and argon2d. The first (argon2i) is safest against >> side-channel attacks. The second tries less hard to be secure against >> side-channel attacks in favour of being more resilient against GPU >> brute-forcing. For web-apps, the first "argon2i" is the clear choice. For >> the other parameters I choose to use the same defaults as of argon2-cffi: >> t=2, m=512, p=2. On a i7-4790 @ 3.6Ghz the hash takes around 2ms to >> compute. >> >> Best wishes, >> >> Bas >> >> >> >> [1] https://github.com/django/django/pull/5876 >> [2] https://password-hashing.net >> [3] https://github.com/p-h-c/phc-winner-argon2 >> [4] https://github.com/flamewow/argon2_py >> [5] https://github.com/hynek/argon2_cffi >> > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Django developers (Contributions to Django itself)" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/django-developers/NTfqP4eNVyA/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/9a3378d2-3a8b-4bd9-b1e0-d64e25475d02%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/9a3378d2-3a8b-4bd9-b1e0-d64e25475d02%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Django developers (Contributions to Django itself)" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/django-developers/NTfqP4eNVyA/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/12EFBCDD-B66A-4B50-906C-286A3574472F%40westerbaan.name > <https://groups.google.com/d/msgid/django-developers/12EFBCDD-B66A-4B50-906C-286A3574472F%40westerbaan.name?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/487B01C8-3B5E-4910-B76D-97BA318BE029%40westerbaan.name > <https://groups.google.com/d/msgid/django-developers/487B01C8-3B5E-4910-B76D-97BA318BE029%40westerbaan.name?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMwjO1HktzGsomvQt9RG2g3bxwgX5EfvstN2ger%2Bgm0JuJTR8g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
