https://bugs.openldap.org/show_bug.cgi?id=9517
--- Comment #3 from gilbert.kowarzyk@servicenow.com ---
(In reply to Michael Ströder from comment #2)
> (In reply to gilbert.kowarzyk from comment #1)
> > that is, the parallelism is not respected (it shows "p=1" instead of the expected "p=6").
> Is your OpenLDAP installation using libsodium? AFAIK libsodium ignores parallelism > 1.
Hello,
I believe it is indeed using libsodium.
I went to look into the source code, and can confirm that libsodium may be ignoring "parallelism > 1".
The lower-level function that is called does accept a "uint32_t parallelism" value: https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455...
Nevertheless, the higher-level API seems to be hardcoding it to 1 here: https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455...
It seems, based on (https://libsodium.gitbook.io/doc/password_hashing/default_phf#guidelines-for...), that they only allow tweaking the algorithm in 2 dimensions (basically the number of "iterations" and the amount of "memory" used), instead of 3 dimensions as per the reference (i.e. also "parallelism"). This is a bit unfortunate, as it does not follow the spec in the Argon2 paper.
Another issue is that the OpenLDAP documentation for pw-argon2 (e.g. https://manpages.ubuntu.com/manpages/groovy/man5/slapd-pw-argon2.5.html) seems to imply that it is possible to (rightly for the algorithm) select the parallelism to use.
Some further thoughts:
- if implementations other than libsodium are available, maybe the pros and cons of each should be stated somewhere
- if it is possible to use the lower level libsodium call, maybe the parameter could then be considered
- if libsodium is not implementing argon2 as per the spec, maybe it should not be used?
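An added example, not part of the ticket and not OpenLDAP or libsodium code: a small Python check that parses a stored Argon2 PHC string and reports when the encoded p differs from the parallelism the administrator configured, which is how the "p=1 instead of p=6" symptom quoted above can be caught when auditing a directory. It assumes slapd's pw-argon2 module stores the value with an "{ARGON2}" scheme prefix; the salt and hash bytes are constructed dummies.

```python
import re

# Constructed sample values (not taken from the bug report). Assumed: slapd's
# pw-argon2 stores "{ARGON2}" followed by the PHC-style encoded string that
# Argon2 implementations such as libsodium emit.
SAMPLE_FROM_LIBSODIUM = (
    "{ARGON2}$argon2id$v=19$m=65536,t=3,p=1"
    "$c2FsdHNhbHRzYWx0c2FsdA$ZmFrZWhhc2hmYWtlaGFzaGZha2VoYXNoZmFrZWhhc2g"
)
SAMPLE_WITH_P6 = (
    "{ARGON2}$argon2id$v=19$m=65536,t=3,p=6"
    "$c2FsdHNhbHRzYWx0c2FsdA$ZmFrZWhhc2hmYWtlaGFzaGZha2VoYXNoZmFrZWhhc2g"
)

# PHC layout: $<variant>$v=<ver>$m=<KiB>,t=<iters>,p=<lanes>$<salt>$<hash>
# (salt and hash are unpadded base64)
_PHC = re.compile(
    r"^\$(?P<variant>argon2(?:i|d|id))"
    r"\$v=(?P<version>\d+)"
    r"\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[A-Za-z0-9+/]+)\$(?P<hash>[A-Za-z0-9+/]+)$"
)


def parse_argon2(stored: str) -> dict:
    """Split an {ARGON2} userPassword value into its cost parameters."""
    if stored.startswith("{ARGON2}"):
        stored = stored[len("{ARGON2}"):]
    match = _PHC.match(stored)
    if not match:
        raise ValueError("not an Argon2 PHC string: %r" % stored)
    g = match.groupdict()
    return {
        "variant": g["variant"],
        "version": int(g["version"]),
        "m": int(g["m"]),  # memory cost in KiB
        "t": int(g["t"]),  # iterations (time cost)
        "p": int(g["p"]),  # parallelism (lanes)
    }


def check_parallelism(stored: str, expected_p: int) -> list:
    """Return findings as strings; an empty list means the hash matches."""
    found = parse_argon2(stored)
    if found["p"] != expected_p:
        # A backend that ignores the parallelism setting, as libsodium's
        # high-level API does, shows up here as a stored p below the config.
        return ["parallelism mismatch: configured p=%d, stored p=%d"
                % (expected_p, found["p"])]
    return []
```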