Add Argon2id with password migration support #785

Open: msuliq wants to merge 1 commit into binarylogic:master from msuliq:feature/argon2id-crypto-provider
msuliq (Contributor) commented Mar 7, 2026

Summary

  • Adds Authlogic::CryptoProviders::Argon2id as a new crypto provider
  • Implements cost_matches? for automatic re-hashing when cost parameters change
  • Works seamlessly with existing transition_from_crypto_providers for zero-downtime lazy migration from any provider on successful login

Context

Authlogic currently offers BCrypt and SCrypt as adaptive hash functions. While both remain viable, Argon2id is the modern standard recommended by OWASP, NIST (SP 800-63B), and the broader cryptographic community:

  • Password Hashing Competition winner (2015) — purpose-built for password storage after years of public cryptanalysis
  • Hybrid resistance — Argon2id combines the side-channel resistance of Argon2i with the GPU/ASIC/FPGA attack resistance of Argon2d, making it the strongest variant for password hashing
  • Three-dimensional cost tuning — independently configurable time cost (t_cost), memory cost (m_cost), and parallelism (p_cost) allow fine-grained control over the security/performance tradeoff
  • Memory-hard by design — unlike BCrypt (which uses only 4 KiB of memory), Argon2id's configurable memory cost (default 64 MiB) makes large-scale parallel attacks on GPUs and custom hardware economically infeasible
  • Post-quantum compliance (PQC) — Argon2id's memory-hardness and configurable output length provide strong resistance against brute-force attacks even in a post-quantum computing landscape. While quantum computers threaten asymmetric cryptography (RSA, ECC), symmetric/hashing primitives like Argon2id remain secure — NIST's post-quantum guidance recommends doubling key lengths for symmetric primitives, which Argon2id supports natively via its hash_len parameter. Its memory-hard design further raises the cost of Grover's algorithm-based search attacks beyond practical feasibility

Usage

# Set Argon2id as the crypto provider
acts_as_authentic do |c|
  c.crypto_provider = Authlogic::CryptoProviders::Argon2id
end

# Lazy migration from an existing provider (re-hashes on next login)
acts_as_authentic do |c|
  c.crypto_provider = Authlogic::CryptoProviders::Argon2id
  c.transition_from_crypto_providers = [Authlogic::CryptoProviders::SCrypt]
end

# Tune cost parameters (existing passwords re-hashed on next login)
Authlogic::CryptoProviders::Argon2id.t_cost = 3
Authlogic::CryptoProviders::Argon2id.m_cost = 17  # 2^17 = 128 MiB

Add Argon2id as crypto provider and add password migration support

- Configurable t_cost, m_cost, and p_cost parameters
- Implements cost_matches? for automatic re-hashing on parameter changes
- Works with transition_from_crypto_providers for lazy migration on login
- argon2 ~> 2.0 added as development dependency
msuliq force-pushed the feature/argon2id-crypto-provider branch from eef367c to 7a3eab1 on March 7, 2026 09:12
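
The re-hash decision that the description attributes to cost_matches? can be sketched as follows. This is an added example, not code from the pull request or from Authlogic: it parses the standard encoded Argon2id string and compares its m, t and p fields with the configured costs. The module, method and constant names are hypothetical, the sample hashes are constructed, and m_cost is assumed to be a power-of-two exponent in KiB as in the usage snippet's comment.

```ruby
# Added illustration; not code from the pull request or from Authlogic.
# Module, method and constant names here are hypothetical.
module Argon2idCostCheck
  # Encoded form: $argon2id$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<digest>
  ENCODED = %r{\A\$argon2id\$(?:v=\d+\$)?m=(\d+),t=(\d+),p=(\d+)\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+\z}

  Params = Struct.new(:m_kib, :t, :p)

  # Returns Params, or nil when the string is not a well-formed Argon2id hash.
  def self.parse(encoded)
    match = ENCODED.match(encoded.to_s)
    match && Params.new(*match.captures.map(&:to_i))
  end

  # m_cost is treated as a power-of-two exponent in KiB, following the
  # "2^17 = 128 MiB" comment in the usage snippet (an assumption here).
  def self.cost_matches?(encoded, t_cost:, m_cost:, p_cost:)
    stored = parse(encoded)
    return false if stored.nil?

    stored == Params.new(1 << m_cost, t_cost, p_cost)
  end

  # What to do with a stored hash once the submitted password has verified.
  def self.action_for(encoded, **config)
    return :transition_from_other_provider if parse(encoded).nil?

    cost_matches?(encoded, **config) ? :keep : :rehash
  end
end

# Constructed samples: salt and digest fields are placeholders, not real output.
CONFIG     = { t_cost: 3, m_cost: 17, p_cost: 1 }.freeze
OLD_HASH   = '$argon2id$v=19$m=65536,t=2,p=1$Y29uc3RydWN0ZWQ$cGxhY2Vob2xkZXJkaWdlc3Q'
TUNED_HASH = '$argon2id$v=19$m=131072,t=3,p=1$Y29uc3RydWN0ZWQ$cGxhY2Vob2xkZXJkaWdlc3Q'
OTHER_HASH = 'constructed-non-argon2id-value'

if __FILE__ == $PROGRAM_NAME
  [OLD_HASH, TUNED_HASH, OTHER_HASH].each do |h|
    puts "#{Argon2idCostCheck.action_for(h, **CONFIG)}  #{h[0, 40]}"
  end
end
```

A stored hash that fails to parse is reported as belonging to another provider rather than as a cost mismatch, which keeps the two migration paths from the description distinct.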