Re: [Cfrg] scrypt password-based key derivation function
Håkon Hitland <haakon@likedan.net> Thu, 31 December 2015 21:59 UTC
To: cfrg@irtf.org
From: Håkon Hitland <haakon@likedan.net>
Message-ID: <5685A51E.5040204@likedan.net>
Date: Thu, 31 Dec 2015 22:58:54 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/NR_PG9_Wz5buck8wHbiRS4JC6k0>
> Hiya,
>
> Just a heads-up that this is currently up for IESG approval
> on the January 7th telechat. If someone had a chance to take
> a peek in the meantime that'd be great as there were a few
> changes and clarifications done but hopefully nothing bad:-)
>
> Thanks,
> S.
>
> On 24/09/12 10:55, Simon Josefsson wrote:
>> All,
>>
>> Colin and I have published a draft describing Colin's scrypt key
>> derivation function. We would appreciate review of the document:
>>
>> http://tools.ietf.org/html/draft-josefsson-scrypt-kdf
>>
>> The input we are seeking here is primarily review of the cryptographic
>> aspects and correctness of the algorithm description, although all
>> comments and suggestions are appreciated.
>>
>> Thanks in advance,
>> /Simon
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg at irtf.org
>> http://www.irtf.org/mailman/listinfo/cfrg
>>

Hi,

Would it be relevant to mention side-channel attacks in the security considerations section?

As I understand it, scrypt could disclose information through cache timing or memory access patterns if the attacker has sufficient access, compared to e.g. Catena and Argon2i which avoid data-dependent memory access.

Regards,
Håkon Hitland
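The property raised in the message above, that the sequence of memory locations scrypt's ROMix reads depends on the secret input while designs such as Catena and Argon2i read a password-independent sequence, as an added Python example that is not part of this email thread or of the draft. It follows the ROMix structure from the draft (fill V sequentially, then read V[j] with j = Integerify(X) mod N) but records the indices it reads. Assumptions: SHA-256 stands in for BlockMix_Salsa20/8 and 32-byte blocks for 128*r-byte ones (both simplifications so the example runs without Salsa20/8); the salt and passwords are constructed for the demonstration; and the data-independent variant is an illustrative construction (index derived from the step counter only), not Argon2i's or Catena's actual indexing function.

```python
import hashlib
import struct

# Constructed demo parameters: 32-byte blocks so that SHA-256 can stand in for
# scrypt's BlockMix (the real BlockMix uses Salsa20/8 over 128*r-byte blocks).
BLOCK_LEN = 32
SALT = b"constructed-demo-salt"


def h(block: bytes) -> bytes:
    """Placeholder for BlockMix_{Salsa20/8}; SHA-256 keeps the example self-contained."""
    return hashlib.sha256(block).digest()


def xor_blocks(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def integerify(block: bytes) -> int:
    """scrypt's Integerify: interpret the block as a little-endian integer."""
    return int.from_bytes(block, "little")


def initial_block(password: bytes) -> bytes:
    """scrypt's first step (PBKDF2-HMAC-SHA256, one iteration), shortened to one block."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 1, BLOCK_LEN)


def romix_traced(password: bytes, n: int):
    """ROMix as written in the draft, recording which V[j] each second-loop step reads.
    j is derived from X, and X is derived from the password, so the read sequence
    (the addresses, not the values) is itself a function of the secret."""
    x = initial_block(password)
    v = []
    for _ in range(n):            # first loop: fill V sequentially
        v.append(x)
        x = h(x)
    trace = []
    for _ in range(n):            # second loop: data-dependent reads of V
        j = integerify(x) % n
        trace.append(j)
        x = h(xor_blocks(x, v[j]))
    return x, trace


def independent_mix_traced(password: bytes, n: int):
    """Constructed data-independent counterpart (in the spirit of Argon2i/Catena,
    not their actual indexing): j depends only on the step counter, so every
    password reads V in the same order."""
    x = initial_block(password)
    v = []
    for _ in range(n):
        v.append(x)
        x = h(x)
    trace = []
    for i in range(n):
        j = integerify(h(struct.pack(">Q", i))) % n
        trace.append(j)
        x = h(xor_blocks(x, v[j]))
    return x, trace


def access_pattern_differs(mix, pw_a: bytes, pw_b: bytes, n: int) -> bool:
    """True if the read sequence alone distinguishes the two passwords, i.e. an
    observer who sees only addresses (cache lines, page accesses) learns
    something about the secret."""
    return mix(pw_a, n)[1] != mix(pw_b, n)[1]


if __name__ == "__main__":
    N = 64
    a, b = b"correct horse battery staple", b"hunter2"
    print("scrypt-style ROMix, read pattern differs:",
          access_pattern_differs(romix_traced, a, b, N))
    print("data-independent mix, read pattern differs:",
          access_pattern_differs(independent_mix_traced, a, b, N))
```

The trace returned by `romix_traced` is the list of V indices read in the second loop; two different passwords give two different traces, which is exactly the information a co-located observer of memory access patterns would see, whereas `independent_mix_traced` reads V in the same order for every password. This is the property the message asks to have called out in the security considerations: the leak is in which addresses are touched, so it is independent of how well the arithmetic itself is protected.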