Hi, I have started a fork for implementing additional key derivation functions. I have done a basic version of scrypt for now, which should already be an improvement over plain pbkdf2 (using the audited and fuzzed library noble-hashes), although for a pull request, it still needs some work.
One thing I would like an opinion on: the current PBKDF only needs an Iteration count, and sends this via tha API / stores it. For scrypt we could get by, by setting the work factor N (which influences both computation and memory) and store this in the KDF Iterations (although ideally a user could configure the other parameters too). For other KDFs like argon2 this is definitely not enough anymore though, since memory and time hardness are set separately. So this would need changes to both the storage, and the communication between clients and server, to instead deliver something like a KDFOptions object instead of the current KDFIterations number. Should this change be done first?
About argon2: The wasm implementation that has been previously linked looks good to me but it has not been through an audit or fuzzed, so IDK how I feel about using that.