Description
Hi Aegis team!
I would like to open this proposal to discuss upgrading the vault's Key Derivation Function (KDF) from scrypt to Argon2id.
A patch for this has already been prepared and tested, but I want to ensure the implementation makes sense for the maintainers before opening a formal Pull Request. Additionally, since I am not a Java developer by trade, I welcome any feedback on code style or project-specific patterns to ensure the contribution meets Aegis' standards.
Why Argon2id?
While scrypt is a strong, memory-hard algorithm, Argon2id is currently considered the industry gold standard and is the primary recommendation by OWASP in their Password Storage Cheat Sheet.
- PHC Winner: Password Hashing Competition
- OWASP Guidelines: Password Storage Cheat Sheet
Implementation Details
Since Aegis already utilizes BouncyCastle, the Argon2BytesGenerator was used.
The default Argon2id parameters are set to m=65536 (64MB), t=3, and p=4, following the RFC 9106 recommendations for memory-constrained environments.
A migration path is included. When a user successfully unlocks their vault, if slot.isUsingSCrypt() returns true, the app derives a new key using Argon2id and re-encrypts the Master Key.
You can check out the implementation details in this comparison view:
https://github.com/beemdevelopment/Aegis/compare/master...ugsto:Aegis:feature/add-argon2id
Would you be open to this change? If you agree with the approach, I can go ahead and open a Draft PR for a more detailed review!
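
The migration flow described in this issue, as an added sketch that is not part of the original post and is not the code from the linked branch. It uses BouncyCastle's `Argon2BytesGenerator` with the proposed m/t/p values; the class and method names, the scrypt cost values, the salt and nonce sizes, and the use of AES-GCM to wrap the master key are assumptions made for illustration.

```java
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.generators.SCrypt;
import org.bouncycastle.crypto.params.Argon2Parameters;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class KdfMigrationSketch { // hypothetical class, not an Aegis type
    static final SecureRandom RNG = new SecureRandom();
    static byte[] argon2id(char[] password, byte[] salt) {
        Argon2BytesGenerator gen = new Argon2BytesGenerator();
        gen.init(new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id)
                .withVersion(Argon2Parameters.ARGON2_VERSION_13)
                .withMemoryAsKB(65536).withIterations(3).withParallelism(4) // m, t, p from the proposal
                .withSalt(salt).build());
        byte[] key = new byte[32];
        gen.generateBytes(password, key); // char[] is encoded as UTF-8 by default
        return key;
    }

    static byte[] gcm(int mode, byte[] kek, byte[] nonce, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // assumed wrapping cipher
        c.init(mode, new SecretKeySpec(kek, "AES"), new GCMParameterSpec(128, nonce));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray();
        // Constructed legacy slot: master key wrapped under an scrypt-derived key.
        byte[] masterKey = new byte[32], oldSalt = new byte[32], oldNonce = new byte[12];
        RNG.nextBytes(masterKey); RNG.nextBytes(oldSalt); RNG.nextBytes(oldNonce);
        byte[] pwBytes = new String(password).getBytes(StandardCharsets.UTF_8);
        byte[] oldKek = SCrypt.generate(pwBytes, oldSalt, 1 << 15, 8, 1, 32); // sample cost values
        byte[] oldWrapped = gcm(Cipher.ENCRYPT_MODE, oldKek, oldNonce, masterKey);
        // Unlock with scrypt first: a wrong password fails the GCM tag and throws before migration.
        byte[] unlocked = gcm(Cipher.DECRYPT_MODE, oldKek, oldNonce, oldWrapped);
        // Migrate: fresh salt and nonce, same master key, so the vault contents stay untouched.
        byte[] newSalt = new byte[16], newNonce = new byte[12];
        RNG.nextBytes(newSalt); RNG.nextBytes(newNonce);
        byte[] newKek = argon2id(password, newSalt);
        byte[] newWrapped = gcm(Cipher.ENCRYPT_MODE, newKek, newNonce, unlocked);
        // Re-derive and decrypt the new slot before it replaces the scrypt slot on disk.
        byte[] check = gcm(Cipher.DECRYPT_MODE, argon2id(password, newSalt), newNonce, newWrapped);
        System.out.println("migrated slot verifies: " + Arrays.equals(check, masterKey));
    }
}
```

Because only the key-encryption key changes, the old scrypt slot should be dropped only after the Argon2id slot has been written and verified, so an interrupted migration cannot lock the user out.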