Re: [Cfrg] I-D Action: draft-irtf-cfrg-argon2-10.txt

Milan Broz <> Thu, 09 April 2020 09:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7333C3A0CCD for <>; Thu, 9 Apr 2020 02:05:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ThdcqA-8EkZO for <>; Thu, 9 Apr 2020 02:05:41 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 194BE3A0CC8 for <>; Thu, 9 Apr 2020 02:05:40 -0700 (PDT)
Received: by with SMTP id h2so3092694wmb.4 for <>; Thu, 09 Apr 2020 02:05:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=cxiIxvG96uDe+2GJA5jNOMFg2iSxXIVkZM/g3swL/nU=; b=IG4YgZcGFbfahWbNSUNGdOIDx2FkzUptG0KYqafe5yuxymmwWvxc+Uzu+Zml/IRz30 GWEFnR3gzMZ+cDECyjI2BcQuMVkiJUhsC2XUPQb03fn3s6lGz4fz+/c5vxxklKFa+ufH CJst9jxoVk3+rwhryZ1i47FvruWYlGwygA0/BxMTaZlfIgqz3OR6gl8bg4itcAOET/XT BeW6oq1ZwitQleO6I98L5/Bd2sgByCbTCR0JmeVuCbt2Tm4wDBSISLCx0DwUClWC8KQU 0l8REP8jsoRYwmKaGqPKW9gmxw8+6iu4hyqFR4eVozV6HyHTLXX/mKN9kGpv/9W2F+Ju UbLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=cxiIxvG96uDe+2GJA5jNOMFg2iSxXIVkZM/g3swL/nU=; b=qaVjisk1ag2Xtrt68Uw7nYMcYfvhp7D7m/j7W9G2d2SDRUQrVcuAshqONNJ60/1+g1 W/1cFkC++6KoFap0pRfqwoEUAN2vHi5lBr3kqHzVpsv7j/n0MMO26qnO17AnJiRbggiz SsedN8eDnksU7d/3X0Qhu1oh9004iQe3hJSfqlTcaLh+may7vri3qr0wosi2E7sgvoIz HctjXt7fae5qrtY0HZMnCYmssItzqSsIIHHgL8HXrH6wNncqMy9QuIKUx6NdlYNZauuT nkEN+mGsb/NCpE2KHPH5QGBzOrqx1Bz43vgbfp94CsBJhzv8uydBwDLk9x9Rl0ysbsKV +efw==
X-Gm-Message-State: AGi0PuYLFpB+JZLPK5q0cT1wdwuoTiIcbcVxkxzqklVKsSwmRcQy/FNF i7Vfpsg6BNMIVdQsbOccCEMR1K90OEU=
X-Google-Smtp-Source: APiQypId6e5GaFOL7L5jIUw3xw27jiNIJ3yVa0iT56kbLBgh1hPmxaVMq8mpD/z9TRb0tk21jhytDw==
X-Received: by 2002:a7b:cf02:: with SMTP id l2mr8943405wmg.4.1586423138580; Thu, 09 Apr 2020 02:05:38 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id s13sm23236959wrw.20.2020. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 09 Apr 2020 02:05:38 -0700 (PDT)
To: Stephen Farrell <>,
References: <> <>
From: Milan Broz <>
Message-ID: <>
Date: Thu, 9 Apr 2020 11:05:37 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-argon2-10.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 09 Apr 2020 09:05:51 -0000

On 07/04/2020 01:41, Stephen Farrell wrote:
> Hiya,
> I did an IRSG review for -09. This addresses all the issues
> that I found there, except one, and that being (I think)
> the most important one;-)
> The issue: What is a "primary variant" and what is an
> implementer supposed to do?
> The above is a quote from my review of -09. Apologies if I
> missed some change in -10 that addresses this.
> Let me make a suggestion: state that argon2id is mandatory
> to implement, and that the other variants are not.


Argon2id is combination of Argon2i + Argon2d, so implementing
all three variants should be quite easy (code must be there anyway,
it is just about providing external interface to it).

I think all variants should be mandatory...  and as I understand
the current RFC draft (3.1 section), it already says so:

o  Type y of Argon2: MUST be 0 for Argon2d, 1 for Argon2i, 2 for

(We use Argon2 in cryptsetup/LUKS2 and Argon2i (not id) is
currently the primary variant for the key derivation.
For compatibility with existing devices we need support
for all three variants. But obviously, this is just one use case,
RFC is more generic.)