• Contact: tech-userlevel, tech-crypto
• Mentors: Martin Husemann, Alistair G. Crooks
• Duration estimate: 3 months

IMPORTANT: This project was completed by Jason High. You may still contact the people above for details, but please do not submit an application for this project.

We are currently offering to store local users passwords (in /etc/master.passwd) using various encodings, including MD5, SHA1 and blowfish. None of this is state of the art from a modern cryptography point of view.

The goal of this project is to extend the existing mechanism (see passwd.conf(5) by a modern algorithm, the winner of the password hashing competition, Argon2.

This means integrating the Argon2 reference implementation into the NetbSD source tree and library build, in a general form allowing its use for other purposes as well (as a hmac-style keyed hash function). Of course it has to build on all architectures. An optional step to be done later in the project is to use native crypto instructions on various architectures to enhance performance.

After making this function available, the main step is to enhance the passwd configuration functions, pwhash(1), passwd(1), passwd(5) and everything around that where necessary to allow storing local users passwords in the new format.