- From: Jan Winkelmann <jan@leastauthority.com>
- Date: Tue, 2 Nov 2021 17:48:03 +0100
- To: public-web-security@w3.org
Hi all,

I am new here! My background is not specifically the web, but cryptography and security, and I've been conducting security audits with Least Authority in the past few years. I am going to comment on the Web Crypto API. My understanding is that this is the right place to do that, since the working group disbanded. If that is not the case, I am sorry and curious where I should head instead. I searched both the archives of the old mailing list as well as this one for previous discussions on the topic but couldn't find any.

I am writing because several projects we have reviewed used PBKDF2 from the Web Crypto API to derive key material from a password. We have consistently flagged this, because the function is purely CPU-bound and can be sped up using FPGAs or custom hardware. This is not a new finding. The scrypt algorithm was an attempt to mitigate this and was first published in 2009, and Argon2 won the Password Hashing Competition in 2015.

Currently, we recommend that projects in the web space (often extensions) use an Argon2 WASM module to do the computation. I think it is curious that what I and others I talk to consider the best-practice password hashing algorithm has no support in the Web Crypto API. Have there been discussions about adding it internally? Or is the entire API on its way towards deprecation, now that WASM allows relatively fast execution of crypto code?

I'm looking forward to your responses!

Cheers,
Jan

--
Jan Winkelmann
Security Researcher & Engineer
Least Authority TFA GmbH
Received on Thursday, 4 November 2021 13:01:55 UTC