File:  [NetBSD Developer Wiki] / wikisrc / projects / project / Add_Argon2_password_hashing.mdwn
Revision 1.4: download - view: text, annotated - select for diffs
Fri Feb 21 22:25:18 2020 UTC (2 years, 9 months ago) by maya
Branches: MAIN
CVS tags: HEAD
Mark as done by jason high

[[!template id=project

title="Add Argon2 password hashing"


[Martin Husemann](,
[Alistair G. Crooks](

duration="3 months"
done_by="Jason High"

We are currently offering to store local users passwords (in `/etc/master.passwd`) using various encodings, including MD5, SHA1 and blowfish.
None of this is state of the art from a modern cryptography point of view.

The goal of this project is to extend the existing mechanism (see [[!template id=man name="passwd.conf" section="5"]] by a modern algorithm, the winner
of the [password hashing competition](, Argon2.

This means integrating the Argon2 reference implementation into the NetbSD source tree and library build,
in a general form allowing its use for other purposes as well (as a hmac-style keyed hash function).
Of course it has to build on all architectures. An optional step to be done later in the project is to use
native crypto instructions on various architectures to enhance performance.

After making this function available, the main step is to enhance the passwd configuration functions,
[[!template id=man name="pwhash" section="1"]], [[!template id=man name="passwd" section="1"]], [[!template id=man name="passwd" section="5"]] and everything around that where necessary to allow storing local users
passwords in the new format.

[[!tag gsoc]]

CVSweb for NetBSD wikisrc <> software: FreeBSD-CVSweb