by maqp
1270 days ago
There is no reason not to use Argon2 in place of a weaker alternative, especially when there's no UX overhead. The threat model "for an average Joe who just wants to stash a secret somewhere and not have it in plaintext" should probably be written in red, font size 48. But take a look at what the author is actually saying it can be used for, i.e. to "securely store passwords". The currently available tools like KeePassXC that do just that also use Argon2. "Your Argon2 memory hard function is useful against mass surveillance and belongs in mass market products." Well if this product isn't for mass-market, it's for niche use, and here I thought niche products are usually for the special security cases for people who need extra security, but you're implying average Joes should NOT use mass market grade security but something niche and less secure.
Thank you for mentioning Argon2, I didn't know about it. https://en.wikipedia.org/wiki/Argon2
> There is no reason not to use Argon2
In this case, the reason for not using Argon2 is that it's not available: https://www.w3.org/TR/WebCryptoAPI/
> Well if this product isn't for mass-market
This is a demo for self-contained HTML encrypted secrets. Do with it what you want. Definitely not a product in the current format.
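
For readers following the KDF discussion above, an added example (not part of either comment and not the demo's own code) of passphrase-based encryption using only what the Web Crypto API specifies: PBKDF2 for key stretching, which unlike Argon2 is not memory-hard, and AES-GCM for authenticated encryption. The function names, the iteration count, the blob layout and the sample strings are assumptions made for illustration.

```javascript
// Added example. Names, iteration count and blob layout are assumptions.
// Works in a browser page or in Node (falls back to node:crypto on older Node).
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;
const enc = new TextEncoder();

const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune to the target devices

// Stretch a passphrase into a non-extractable AES-256-GCM key.
async function deriveKey(passphrase, salt, iterations = PBKDF2_ITERATIONS) {
  const material = await subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]);
}

// Blob layout: salt (16) || iv (12) || ciphertext+tag, so it can be embedded as-is.
async function encryptSecret(passphrase, plaintext, iterations) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16)); // fresh per secret
  const iv = webcrypto.getRandomValues(new Uint8Array(12));   // fresh per encryption
  const key = await deriveKey(passphrase, salt, iterations);
  const ct = new Uint8Array(
    await subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plaintext)));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0);
  blob.set(iv, 16);
  blob.set(ct, 28);
  return blob;
}

// Returns the plaintext, or null if the passphrase is wrong or the blob was modified.
async function decryptSecret(passphrase, blob, iterations) {
  const salt = blob.slice(0, 16), iv = blob.slice(16, 28), ct = blob.slice(28);
  const key = await deriveKey(passphrase, salt, iterations);
  try {
    const pt = await subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null; // GCM tag check failed
  }
}
```

The per-guess cost here is CPU time only, so the iteration count is the single knob available; the salt and IV are not secret and travel with the ciphertext.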