php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #75388 Argon2: Add secret/key
Submitted: 2017-10-16 12:38 UTC Modified: 2017-10-17 16:20 UTC
From: phpdoc at mail dot my1 dot info Assigned: jedisct1 (profile)
Status: Assigned Package: *Encryption and hash functions
PHP Version: Next Minor Version OS: Win8.1 x64
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2017-10-16 12:38 UTC] phpdoc at mail dot my1 dot info
Description:
------------
In the input/output section of the argon2 standard, there is a key/secret value

https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#page-5

and it is certainly not a bad idea to use that for peppering the passwords for extra security:

https://en.wikipedia.org/wiki/Pepper_(cryptography)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-16 14:03 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2017-10-16 14:03 UTC] requinix@php.net
What are you asking for PHP to do, exactly? And is it something that can/should be easily handled in userland instead?
 [2017-10-17 09:34 UTC] daverandom@php.net
@requinix there is a parameter for argon2i ("Secret value K" in the linked document) which PHP does not expose. It *could* be exposed via a password hash option, however I am not qualified to have an opinion on whether it *should* be.

Notably the $salt option for bcrypt was deprecated in 7 because the idea of the password_hash() API is simplicity and providing secure defaults, I don't know if this may fall into the same category of "things the user should not play with as it may make the resulting hashes less secure".

I think what is being asked for is clear, whether it should be done is for people more qualified than me to discuss. I can't see any record if it being discussed as part of the original proposal. It should probably be brought up on internals.
 [2017-10-17 09:55 UTC] phpdoc at mail dot my1 dot info
@requinix

as daverandom points out, I want to have PHP expose the secret which is a part of argon2.

while while you could work around this by attaching a secret by appending, HMAC, or whatever, you could probably also do argon2 in userland, technically, not that it's a good Idea though and it's nice that we have it in PHP7.2

my point is just if argon2 does have something like this already nicely defined, as part of its own standard, why not use it?

@dave, well the salt is a little bit different than an extra secret.

the salt is most notably a RANDOM piece of data attached to some data before it is thrown into the hash and the salt is essentially visible for everyone who can see thze hash, and is to throw rainbow tables into oblivion. and since a salt is supposed to be random, I think it is not a bad Idea to throw the manual setting of the salt away, because there may certainly people who use the XKCD Random number generator.

a Pepper in contrast is usually a special secret value which is stored not in the database but somewhere else (config file environment, whatever you think is best) and should have a certain complexity to be effective, and its point is to have something that even if an attacker can get the hashes via some database leakages they wont be just getting around and calculating all the passwords, even if these are really ugly ones like 123456 because without the secret, an attacker would be getting nowhere.
 [2017-10-17 16:20 UTC] cmb@php.net
-Status: Feedback +Status: Open -Assigned To: +Assigned To: jedisct1
 [2017-10-17 16:20 UTC] cmb@php.net
Feedback has been provided, so opening again.

Assigning to Frank, since he implemented the argon2 password hashing for PHP,
and apparently doesn't like non-replaceable keys[1]. Besides, using the secret
key doesn't appear to work with argon2*_hash_encoded().

[1] <https://github.com/P-H-C/phc-winner-argon2/issues/222>
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC