title="Add Argon2 password hashing"
[Alistair G. Crooks](mailto:agc@NetBSD.org)
We currently offer to store local users' passwords (in `/etc/master.passwd`) using various encodings, including MD5, SHA1 and Blowfish.
None of these is state of the art from a modern cryptography point of view.
The goal of this project is to extend the existing mechanism (see [[!template id=man name="passwd.conf" section="5"]]) with a modern algorithm, the winner
of the [password hashing competition](http://www.password-hashing.net/), Argon2.
This means integrating the Argon2 reference implementation into the NetBSD source tree and library build,
in a general form allowing its use for other purposes as well (as an HMAC-style keyed hash function).
Of course it has to build on all architectures. An optional step to be done later in the project is to use
native crypto instructions on various architectures to enhance performance.
After making this function available, the main step is to enhance the passwd configuration functions,
[[!template id=man name="pwhash" section="1"]], [[!template id=man name="passwd" section="1"]], [[!template id=man name="passwd" section="5"]] and everything around that where necessary to allow storing local users'
passwords in the new format.
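
To see which accounts would still carry one of the older encodings once the new format is available, the scheme can be read from the prefix of the hash field. The script below is an added example, not part of the NetBSD tree or of this proposal; the function names are hypothetical, the sample entries are constructed, and it assumes the usual prefixes (`$1$` for MD5, `$sha1$` for SHA1, `$2a$` for Blowfish, `$argon2id$` and its variants for Argon2).

```shell
#!/bin/sh
# Added example: hash values below are constructed, not real credentials.

# classify_hashes FILE: print "user scheme" per master.passwd-format entry
# (colon-separated, password hash in field 2).
classify_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }    # skip comments and malformed lines
        {
            h = $2
            if (h == "")                          s = "empty"
            else if (h ~ /^\*/)                   s = "locked"
            else if (h ~ /^\$argon2(id|i|d)\$/)   s = "argon2"
            else if (h ~ /^\$2[abxy]?\$/)         s = "blowfish"
            else if (h ~ /^\$sha1\$/)             s = "sha1"
            else if (h ~ /^\$1\$/)                s = "md5"
            else if (h ~ /^_/ || length(h) == 13) s = "des"
            else                                  s = "unknown"
            print $1, s
        }' "$1"
}

# legacy_users FILE: accounts whose stored hash is not yet Argon2.
legacy_users() {
    classify_hashes "$1" | awk '$2 != "argon2" && $2 != "locked" { print $1 }'
}

# Constructed sample in master.passwd layout.
sample_master_passwd() {
    cat <<'EOF'
root:$2a$10$constructedsaltvalue00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:0:0::0:0:root:/root:/bin/sh
alice:$1$constrct$AAAAAAAAAAAAAAAAAAAAAA:1000:100::0:0:Alice:/home/alice:/bin/sh
bob:$sha1$24680$constrct$AAAAAAAAAAAAAAAAAAAAAAAAAAAA:1001:100::0:0:Bob:/home/bob:/bin/sh
carol:$argon2id$v=19$m=4096,t=3,p=1$Y29uc3RydWN0ZWQ$AAAAAAAAAAAAAAAAAAAAAA:1002:100::0:0:Carol:/home/carol:/bin/sh
daemon:*:1:1::0:0:daemon:/:/sbin/nologin
EOF
}

tmp=$(mktemp)
sample_master_passwd > "$tmp"
legacy_users "$tmp"    # accounts to re-hash at next password change
rm -f "$tmp"
```

Existing hashes cannot be converted in place; an account only moves to the new format when its password is next set.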