mirror of
https://github.com/lldap/lldap.git
synced 2024-10-23 20:29:50 +00:00
auth: Add a disclaimer around the argon hash
Some people initially thought that the fixed salt was a security flaw. This comment clarifies the role of the Argon hash and justifies the fixed salt.
parent
394e54b92d
commit
f026e7cd38
1 changed files with 5 additions and 0 deletions
|
@ -15,6 +15,11 @@ pub type KeyPair = opaque_ke::keypair::KeyPair<<DefaultSuite as CipherSuite>::Gr
|
||||||
/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
|
/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
|
||||||
pub struct ArgonHasher;
|
pub struct ArgonHasher;
|
||||||
|
|
||||||
|
/// The Argon hasher used for bruteforce protection.
|
||||||
|
///
|
||||||
|
/// Note that it isn't used to "hash the passwords", so it doesn't need a variable salt. Instead,
|
||||||
|
/// it's used as part of the OPAQUE protocol to add a slow hashing method, making bruteforce
|
||||||
|
/// attacks prohibitively more expensive.
|
||||||
impl ArgonHasher {
|
impl ArgonHasher {
|
||||||
/// Fixed salt, doesn't affect the security. It is only used to make attacks more
|
/// Fixed salt, doesn't affect the security. It is only used to make attacks more
|
||||||
/// computationally intensive, it doesn't serve any security purpose.
|
/// computationally intensive, it doesn't serve any security purpose.
|
||||||
|
|
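Review bot: The added doc comment says the hasher "doesn't need a variable salt" but never states what takes the salt's place, which is the question raised by the readers who flagged the fixed salt. In OPAQUE the slow hash is applied to the OPRF output rather than to the raw password, and that output depends on a server-held key, so (assuming this code follows the standard flow) I would add a line such as `/// The input is the OPRF output, which already depends on a server-side secret, so a per-user salt would add nothing.` The unchanged comment just below still ends with `it doesn't serve any security purpose` right after saying the hash makes attacks more computationally intensive; that contradicts the new text and is worth rewording in the same change. The new comment is attached to `impl ArgonHasher`, whose body continues outside the hunk; placing it on `pub struct ArgonHasher;` would put it where someone looking up the type reads first.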