auth: Add a disclaimer around the argon hash

Some people initially thought that the fixed salt was a security flaw.
This comment clarifies the role of the Argon hash and justifies the
fixed salt.
Valentin Tolmer 2021-10-20 14:43:02 +09:00 committed by nitnelave
parent 394e54b92d
commit f026e7cd38

@ -15,6 +15,11 @@ pub type KeyPair = opaque_ke::keypair::KeyPair<<DefaultSuite as CipherSuite>::Gr
/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait. /// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
pub struct ArgonHasher; pub struct ArgonHasher;
/// The Argon hasher used for bruteforce protection.
///
/// Note that it isn't used to "hash the passwords", so it doesn't need a variable salt. Instead,
/// it's used as part of the OPAQUE protocol to add a slow hashing method, making bruteforce
/// attacks prohibitively more expensive.
impl ArgonHasher { impl ArgonHasher {
/// Fixed salt, doesn't affect the security. It is only used to make attacks more /// Fixed salt, doesn't affect the security. It is only used to make attacks more
/// computationally intensive, it doesn't serve any security purpose. /// computationally intensive, it doesn't serve any security purpose.
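Review bot: The new doc comment above `impl ArgonHasher` states that the hasher "doesn't need a variable salt" but gives no reason, and per the commit message that is exactly the point readers misread as a flaw. Add one sentence saying what input the hasher receives inside the OPAQUE flow and why that makes a per-user salt unnecessary. The unchanged context line below it still says the salt is "only used to make attacks more computationally intensive, it doesn't serve any security purpose", which reads as a contradiction next to the new paragraph, since raising brute-force cost is a security purpose; reword it to match. The new comment is also attached to the `impl` block while `pub struct ArgonHasher;` already carries its own doc line, so merging the explanation into the struct's doc comment would keep the description in one place.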