aead/argon2 archived, moved to x/crypto/argon2

[eenblam]

From https://github.com/aead/argon2:

This Argon2 implementation was submitted to the golang x/crypto repo. I recommend to use the official x/crypto/argon2 package if possible. This repository also exports Argon2d and Argon2id. It is recommended to use Argon2id as described in the RFC draft.

[tobischo]

Keepass2 uses Argon2d. https://github.com/aead/argon2 exposes usage of Argon2d. The official x/crypto/argon2 package does not. There are even issues around that, with discussions about this very matter, which have been shut down with the argument, that they do not want to expose unsafe options that shouldn't be used, even though argon2d is fine for an offline version as used in keepass2.

It is therefore not possible to move th x/crypto/argon2 without getting that functionality exposed.

https://github.com/golang/crypto/blob/master/argon2/argon2.go#L102 is not exposed

https://github.com/golang/crypto/blob/master/argon2/argon2.go#L74 uses argon2i

https://github.com/golang/crypto/blob/master/argon2/argon2.go#L98 uses argon2id

[tobischo]

Here is the issue golang/go#23602 where this is mentioned.

I recommend to use the official x/crypto/argon2 package if possible

As this is only an implementation working on compatibility with standard Keepass2, and Keepass2 uses argon2d, the "if possible" part is not fulfilled

[tobischo]

Closed for lack of activity.