Move password-based key derivation to `Argon2`

Password-based key derivation for both the [backup system](https://github.com/cypherstack/stack_wallet_backup/blob/master/lib/stack_wallet_backup.dart) and [secure storage handler](https://github.com/cypherstack/stack_wallet_backup/blob/master/lib/secure_storage.dart) uses `PBKDF2` with [OWASP-recommended parameters](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2). While this is currently a safe approach given the threat model and parameters used (and a sufficiently complex passphrase), it is suboptimal. We looked into the use of `Argon2`, but library support was not mature enough to deploy.

This is a tracking issue to keep in mind that `Argon2` is a better approach to this kind of key derivation. Once library support evolves sufficiently, we should migrate to it. 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Move password-based key derivation to `Argon2` #8

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Move password-based key derivation to Argon2 #8

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Move password-based key derivation to `Argon2` #8