Message ID | 87lh2jpdo7.fsf@openmailbox.org |
---|---|
State | New |
Headers | show |
On Sun, Jun 05, 2016 at 03:46:00PM -0500, Lukas Gradl wrote: > > Hello Guix, > > Attached is a patch to add the password hashing library Argon2. It is a > dependency for opendht. Thanks :) > The source tree contains the directory "blake2". At first I thought > this is a bundled version of blake2, but it seems that this is a > seperate implementation. The sources bundled with Argon2 are > significantly different from the ones at > https://github.com/BLAKE2/BLAKE2. > My conclusion is that this is a Blake2 implementation made by and for > Argon2. Thus I did not unbundle it. Do you agree with this? My understanding from reading about blake2 and argon2 (not reading the code) is that blake2 is a cryptographic hash function [0], and that argon2 is a key derivation function [1] that uses blake2 for hashing. When I see bundled crypto libraries, my questions are, "What's the difference between the bundled library and the upstream code?" and "Will they update the bundled library in a timely fashion?" In this case, the argon2 README.md credits the blake2 code to Samuel Neves, who is one of the designers of blake2. So, I will look into this a little more closely to see if he reimplemented it for argon2 or if they copied it from somewhere else. The patch looks good to me aside from this question. [0] https://blake2.net/ https://en.wikipedia.org/wiki/BLAKE_%28hash_function%29 [1] https://en.wikipedia.org/wiki/Argon2 https://www.argon2.com/ https://password-hashing.net/submissions/specs/Argon-v3.pdf
On Sun, Jun 05, 2016 at 05:39:08PM -0400, Leo Famulari wrote: > In this case, the argon2 README.md credits the blake2 code to Samuel > Neves, who is one of the designers of blake2. So, I will look into this > a little more closely to see if he reimplemented it for argon2 or if > they copied it from somewhere else. Argon2's commit history shows that Samuel Neves is a frequent contributor to argon2, including the blake2 code. So, I think this package is fine.
On Sun, Jun 05, 2016 at 11:42:42PM -0400, Leo Famulari wrote: > On Sun, Jun 05, 2016 at 05:39:08PM -0400, Leo Famulari wrote: > > In this case, the argon2 README.md credits the blake2 code to Samuel > > Neves, who is one of the designers of blake2. So, I will look into this > > a little more closely to see if he reimplemented it for argon2 or if > > they copied it from somewhere else. > > Argon2's commit history shows that Samuel Neves is a frequent > contributor to argon2, including the blake2 code. So, I think this > package is fine. Pushed as 6d32dd8cef. Thanks!
From ba263b4a49d1acf83e4e42d1e9e0d51572268928 Mon Sep 17 00:00:00 2001 From: Lukas Gradl <lgradl@openmailbox.org> Date: Sun, 5 Jun 2016 15:35:24 -0500 Subject: [PATCH] gnu: Add argon2. * gnu/packages/password-utils.scm (argon2): New variable. --- gnu/packages/password-utils.scm | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index 30ed130..1579821 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> ;;; Copyright © 2016 Jessica Tallon <tsyesika@tsyesika.se> ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr> +;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -295,3 +296,39 @@ Synchronization is possible using the integrated git support, which commits changes to your password database to a git repository that can be managed through the pass command.") (license license:gpl2+))) + +(define-public argon2 + (package + (name "argon2") + (version "20160406") + (source + (origin + (method url-fetch) + (uri + (string-append + "https://codeload.github.com/P-H-C/phc-winner-" + name "/tar.gz/" version)) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0g6wa94sh639xl1qc8z21q43r1mp8y77r1zf8nwx5pfsxd8fmyzv")))) + (build-system gnu-build-system) + (arguments + `(#:test-target "test" + #:make-flags '("CC=gcc") + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'install + (lambda _ + (let ((out (assoc-ref %outputs "out"))) + (install-file "argon2" (string-append out "/bin")) + (install-file "libargon2.a" (string-append out "/lib")) + (install-file "libargon2.so" (string-append out "/lib")) + (copy-recursively "include" + (string-append out "/include")))))))) + (home-page "https://www.argon2.com/") + (synopsis "Password hashing library") + (description "Argon2 provides a key derivation function that was declared +winner of the 2015 Password Hashing Competition.") + (license license:cc0))) -- 2.7.4