Mariadb crashes when calling verify #1

Open
opened 2025-03-22 01:40:34 -04:00 by TheThing · 1 comment
TheThing commented 2025-03-22 01:40:34 -04:00 (Migrated from github.com)

Hi there.

Have you tested this in latest mariadb?

I get a brutal mariadb crash whenever I try to run verify and I think it's because the argon2 upstream library is no longer maintained and has issues.

very-amused commented 2025-03-27 19:22:20 -04:00 (Migrated from github.com)

Hello and sorry for the delayed response. This library hasn't been tested against newer versions of MariaDB, so there may be an API change that created an incompatibility. Since MariaDB loads plugins using dynamic linking, it's absolutely possible that a minor API incompatibility could unfortunately snowball into a daemon crash. I'm finishing up my midterms for university, so I can't give this issue the attention it deserves for a couple more days. I'll let you know what I find after taking a look.

Regarding the upstream library, this library implements bindings to Argon2's _reference implementation_. Cryptographic reference implementations are generally not updated except when doing so yields a major security or performance gain. One reason for this pattern is the high burden of proof on the authors to provide a provably secure implementation of the underlying algorithm _which can be linked with or referenced in the writing of other implementations_. Thus, these reference implementations don't often see frequent, small releases and can remain untouched for years once shown to be secure and performant under scrutiny. [See this KeePassium issue for more relevant discussion on the subject.](https://github.com/keepassium/KeePassium/issues/429)

Reference
very-amused/argon2_mariadb#1