Author: Drew DeVault <email@example.com>
Date: Wed, 4 May 2022 10:24:18 +0200
crypto::argon2: fix erroneous recommendation
Signed-off-by: Drew DeVault <firstname.lastname@example.org>
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/argon2/README b/crypto/argon2/README
@@ -18,7 +18,8 @@ respectively.
Equipped with the necessary parameters, the user may call the appropriate argon2
variant via [[argon2d]], [[argon2i]], or [[argon2id]]. If unsure which to use,
+choose [[argon2id]]. The RFC is the authoratative source on the appropriate
+argon2 variant and configuration parameters for your use-case.
This is a low-level module which implements cryptographic primitives. Direct use
of cryptographic primitives is not recommended for non-experts, as incorrect use
diff --git a/crypto/argon2/argon2.ha b/crypto/argon2/argon2.ha
@@ -119,8 +119,6 @@ export fn argon2d(
// The argon2i mode uses data-independent memory access and is suitable for
// password hashing and key derivation. It makes more passes over memory to
// protect from trade-off attacks.
-// If you are unsure which variant to use, argon2i is recommended.
export fn argon2i(
@@ -137,6 +135,8 @@ export fn argon2i(
// The argon2id mode works by using argon2i for the first half of the first pass
// and argon2d further on. It provides therefore protection from side-channel
// attacks and brute-force cost savings due to memory trade-offs.
+// If you are unsure which variant to use, argon2id is recommended.
export fn argon2id(