Hacker News new | ask | show | jobs
by evolve2k 1271 days ago
> To my disappointment (and mild horror), almost all password managers are using PBKDF2, which is known to be completely suboptimal to store passwords, and has been for the last 15 years, but it's apparently the only one without abysmal performance in Javascript.

Anyone have a better idea?
4 comments
some_furry 1271 days ago
I'm the Soatok Dreamseeker the author cites.

I've previously disclosed cryptographic bugs to both LastPass and 1Password. I've written about my experiences: https://furry.engineer/@soatok/109560736140669727

The post I wrote about the intersection of Passwords and Cryptography was spun off as a prerequisite for a longer post I was writing about password management from the perspective of a cryptography engineer.

As part of that post, I planned to review Bitwarden (since it's open source and therefore I don't have to expend the additional mental cycles to reverse engineer it like I did LP/1P's offerings).

The challenges faced by browser extensions with other password DKFs is that, if you want performance, you don't want to write it in a scripting language. WebAssembly might work, but the ideal outcome is to be able to call `await crypto.subtle.Argon2id(/* args */)` and get your result.

The path forward, therefore, is to get Argon2id support into WebKit, Chrome, and Node.js.

link
evolve2k 1270 days ago
So a project like this? https://github.com/antelle/argon2-browser

Per their README it seems it’s implemented into “KeeWeb”.

KeeWeb is a free cross-platform password manager compatible with KeePass.

https://keeweb.info https://github.com/keeweb/keeweb

Anyone checked out KeeWeb?

link
some_furry 1270 days ago
> So a project like this? https://github.com/antelle/argon2-browser

Notice how they don't provide any benchmarks that aren't Native or WASM?

https://soatok.blog/2022/12/29/what-we-do-in-the-etc-shadow-...

This doesn't help iOS users in Lockdown mode. It may also break for users who run their OS in FIPS mode.

link
amenghra 1271 days ago
Today, you would probably consider Argon2 since it specifically came out of a competition for password hashing functions.

Historically, scrypt, bcrypt and pbkdf2 have all three been widely used.

link
rpdillon 1271 days ago
Author's need to for compromised password monitoring and cloud-based operation (in a web browser) exclude the obvious choice: KeepassXC. It supports Argon2, Argon2id, as well as AES-KDF. This works with KeepassDX on Android, but has the expected effect of slowing down access to the DB, since the phone has less power than the laptop.
link
britneybitch 1271 days ago
KeepassXC can check for compromised passwords using HIBP since v2.6.0. https://github.com/keepassxreboot/keepassxc/pull/4438
link
gavinray 1271 days ago
As someone who often implements their own authentication for backend services, I follow the advice to use scrypt or Argon2.

Argon2 is a bit of a PITA though because it needs to be re-hashed sometimes.

link