#30472: Argon2id should be supported and become the default variety for
Argon2PasswordHasher
----------------------------------+--------------------------------------
     Reporter:  Si Feng           |                    Owner:  nobody
         Type:  New feature       |                   Status:  new
    Component:  Uncategorized     |                  Version:  master
     Severity:  Normal            |               Resolution:
     Keywords:  argon2, argon2id  |             Triage Stage:  Unreviewed
    Has patch:  1                 |      Needs documentation:  0
  Needs tests:  0                 |  Patch needs improvement:  0
Easy pickings:  0                 |                    UI/UX:  0
----------------------------------+--------------------------------------
Description changed by Si Feng:

Old description:

> There were two important changes in the upstream
> [https://github.com/hynek/argon2_cffi argon2-cffi] library since Django
> 1.10 was released with Argon2 support:
>
> 1. (Nov 10, 2016) argon2id support was added:
> https://github.com/hynek/argon2_cffi/commit/00120a9880a74a5aedb13ee343bf6ccd507bb2d8#diff-1efe26b4b54ac28232eaecb9107ee6ed
> 2. (Apr 9, 2018) argon2id became its default type:
> https://github.com/hynek/argon2_cffi/pull/34/files
>
> When Django 1.10 was released, only argon2d and argon2i were available,
> hence the hard-coded argon2i variety in Argon2PasswordHasher.

New description:

There were three important changes in the upstream
[https://github.com/hynek/argon2_cffi argon2-cffi] library since Django
1.10 was released with Argon2 support:

1. (Nov 10, 2016) argon2id support was added:
https://github.com/hynek/argon2_cffi/commit/00120a9880a74a5aedb13ee343bf6ccd507bb2d8#diff-1efe26b4b54ac28232eaecb9107ee6ed
2. (Apr 9, 2018) argon2id became its default type:
https://github.com/hynek/argon2_cffi/pull/34/files
3. (Aug 18, 2018) its hasher's default memory cost changed from 512 to
102400, and parallelism from 2 to 8, per
[https://tools.ietf.org/html/draft-irtf-cfrg-argon2-04#section-4 RFC draft]
recommendations:
https://github.com/hynek/argon2_cffi/commit/1ec39f8dc7a140b68099549b799301113576bde2

When Django 1.10 was released, only argon2d and argon2i were available,
hence the hard-coded argon2i variety in Argon2PasswordHasher. The
memory_cost = 512 and parallelism = 2 were also copied from argon2-cffi
at that time.

Now we should sync Django with upstream updates.

--
Ticket URL: <https://code.djangoproject.com/ticket/30472#comment:1>
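
An added example, not part of the ticket and not Django's or argon2-cffi's code: a standard-library parser for Argon2 encoded hashes that reports which stored hashes differ from the variety, memory cost and parallelism the ticket proposes. The "argon2" storage prefix, the helper names and both sample hashes are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Target values taken from the ticket: argon2id, memory cost 102400, parallelism 8.
TARGET = {"variety": "argon2id", "memory_cost": 102400, "parallelism": 8}


class Argon2Params(NamedTuple):
    variety: str
    version: int
    memory_cost: int
    time_cost: int
    parallelism: int


# $argon2<type>$v=<n>$m=<n>,t=<n>,p=<n>$<salt>$<hash>, optionally preceded
# by an "argon2" algorithm label (assumed storage prefix).
_ENCODED = re.compile(
    r"^(?:argon2)?\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"
)


def parse_argon2(encoded: str) -> Argon2Params:
    """Extract the variety and cost parameters from an encoded hash."""
    match = _ENCODED.match(encoded)
    if match is None:
        raise ValueError("not a recognised Argon2 encoded hash")
    variety, *numbers = match.groups()
    return Argon2Params(variety, *map(int, numbers))


def upgrade_reasons(encoded: str, target=TARGET) -> list:
    """List how a stored hash differs from the target; empty means in sync."""
    params = parse_argon2(encoded)._asdict()
    return [
        f"{name} {params[name]} -> {wanted}"
        for name, wanted in target.items()
        if params[name] != wanted
    ]


# Constructed samples: salt and digest are placeholders, not real hashes.
LEGACY = "argon2$argon2i$v=19$m=512,t=2,p=2$c2FtcGxlc2FsdA$Y29uc3RydWN0ZWRoYXNo"
SYNCED = "argon2$argon2id$v=19$m=102400,t=2,p=8$c2FtcGxlc2FsdA$Y29uc3RydWN0ZWRoYXNo"

if __name__ == "__main__":
    for sample in (LEGACY, SYNCED):
        print(parse_argon2(sample).variety, upgrade_reasons(sample))
```

Run over a dump of stored password hashes, this gives a count of accounts still on the old argon2i parameters, which can only be re-hashed at each user's next successful login.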