-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose Argon2 password derivation #50
Comments
Would you be able to draft some (failing) test cases and documentation, do you think? I think then it'd be straightforward to write the wrapper stubs and get the tests to pass. |
Thank you for the quick reply! I should make it very clear that I’m quite new to the whole setup (emscripten, wasm, and not least NaCl/libsodium itself), so I may be botching conventions quite badly, or even misusing it. In trying to piece together a solution by combining your docs (+TS bindings) and the docs at https://libsodium.gitbook.io/doc/, it seems to me that what I’m missing is what fails here: https://github.com/haggholm/nacl-test Since I’m just starting to look at it, I may be providing bad inputs &c., but it seems to me that it should be possible to get it and https://github.com/ranisalt/node-argon2 to generate the same output. (And I’d much rather do it through |
That sounds about right. Can you make a PR that integrates with the test cases and docs (such as they are) as they stand? |
The README (very correctly) notes that you should not derive a key without running it through a strengthening function like PBKDF2, but libsodium itself already ships with one—Argon2. From brief inspection, it seems that the
nacl_raw
property (the WASM code?) contains this functionality, e.g.nacl_raw._crypto_pwhash_argon2id_alg_argon2id13
et al.I’d love to create a PR, but having no experience with WASM-compiled code, I worry that a half-baked PR is more likely to either be a nuisance or a security hole; looking at
nacl_cooked.js
, I am guessing it isn’t a very big task…for someone who knows what they’re doing, which (alas) I here do not.Any chance of exposing the Argon2 API?
The text was updated successfully, but these errors were encountered: