Re: [Cfrg] Introduction, and some concerns regarding draft-irtf-cfrg-argon2

Dmitry Khovratovich <khovratovich@gmail.com> Thu, 09 July 2020 16:07 UTC

From: Dmitry Khovratovich <khovratovich@gmail.com>
Date: Thu, 09 Jul 2020 18:06:46 +0200
Message-ID: <CALW8-7Lrf--xTxJYKHG3E=bP18swOR-DQR9t3kFM+eudY=YL7w@mail.gmail.com>
To: Gwynne Raskind <gwynne@darkrainfall.org>
Cc: cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fCdVlr0D4xpAJglCvq9sfGvyIH4>
Subject: Re: [Cfrg] Introduction, and some concerns regarding draft-irtf-cfrg-argon2

Hi Gwynne,

Thanks a lot for so many details! I have tried to incorporate everything into
the last version.

On Wed, Apr 29, 2020 at 4:05 AM Gwynne Raskind <gwynne@darkrainfall.org>
wrote:

> Apologies for the noise, but I just discovered a couple of errors in my
> notes (as was certain to happen the moment I sent them, no doubt :) ).
> Rather than send another attachment to the list and most likely end
> up having to replace that as well, I've posted the revised content as a
> Gist, found here:
> <https://gist.github.com/gwynne/d596cb9712849cdc033084b2eebaf680>. From
> now on this link will always provide the most up to date revision of the
> document.
>
> -- Gwynne Raskind
>
> On Apr 28, 2020, at 19:53, Gwynne Raskind <gwynne@darkrainfall.org> wrote:
>
> Thanks to everyone for their encouragement! I've attached my edited set of
> notes in Markdown format (I can provide it in alternative form if desired).
> I have tried to restrain this initial set of notes mostly to the most
> critical issues, as I've been known to end up simply rewriting entire
> documents if I don't keep myself in check (and frankly this draft has
> tempted me greatly in that regard) ^^; Please don't hesitate to ask any
> questions if there's anything that needs clarifying. I hope you find these
> notes helpful!
>
> (P.S.: If the mailing list strips attachments, as I know many do, I
> welcome suggestions as to the best alternative for making the document
> available - my first instinct would be to post it as a GitHub Gist and send
> its link to the list instead.)
>
> <draft-argon2-deconstruction.md>
>
> -- Gwynne Raskind
>
> On Apr 27, 2020, at 17:32, Colin Perkins <csp@csperkins.org> wrote:
>
> I agree – this draft is close to publication as an RFC, so if there are
> corrections and/or clarifications needed, then it would be useful to get
> feedback so they can be incorporated before publication.
>
> Colin
>
>
>
> On 27 Apr 2020, at 18:45, Scott Fluhrer (sfluhrer) <
> sfluhrer=40cisco.com@dmarc.ietf.org> wrote:
>
> I haven’t seen any public responses, and so, while I’m not an editor of
> this particular draft, I’d like to reply to your concerns.
>
> We would love to hear your critiques, both about minor errors such as
> typos, in addition to more major problems, such as ambiguities in the
> specification.
>
> One major reason these drafts are published is to get them correct; by
> helping us make the draft better, you are helping us a great deal.
>
> And, there aren’t any secret handshakes to work on this mailing list; we
> welcome everyone.  And you are certainly not out of line.
>
> I look forward to hearing your corrections and your suggestions.  Thank
> you.
>
> *From:* Cfrg <cfrg-bounces@irtf.org> *On Behalf Of* Gwynne Raskind
> *Sent:* Sunday, April 26, 2020 9:40 AM
> *To:* cfrg@irtf.org
> *Subject:* [Cfrg] Introduction, and some concerns regarding
> draft-irtf-cfrg-argon2
>
> Hello!
>
> My name is Gwynne Raskind; I'm a software engineer with a fairly wide
> range of technical experience and interests. I'm new to this mailing list,
> and to the IRTF in general - a colleague suggested that I subscribe to this
> working group's community to bring up an issue of concern to me with
> regards to the currently published draft of the specification of the Argon2
> key derivation function (formally draft-irtf-cfrg-argon2-10).
>
> In the course of both my work and general interest, I had occasion to
> investigate this algorithm and to attempt to build an implementation
> natively in the Swift language. Unfortunately, I found the draft in its
> present form to be less helpful than I had hoped. After a considerable
> amount of time spent studying the C reference implementation and comparing
> it with the specification, I was able to derive a nearly complete and
> partially functional implementation of my own. It was a fascinating
> learning experience, but I also noted a significant number of typographical
> errors, incomplete descriptions, missing elements, and other problems in
> the spec itself.
>
> As I have an active interest in the cryptography space, as well as plenty
> of experience as both a technical writer and as a systems engineer, I took
> it upon myself to write up a somewhat exhaustive list of the various issues
> I encountered in the spec, ranging from technical analysis to grammatical
> concerns: I would be very pleased to contribute it (along with some
> accompanying suggestions of potential corrections) if it would be welcomed.
> I apologize if I'm in any way out of line; I couldn't find any kind of
> guidelines for how to approach this sort of problem, short of doing exactly
> this, so here I am.
>
> Thanks for reading through this, and I hope to get the chance to help out!
>
>
> -- Gwynne Raskind
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
>
>
>
> --
> Colin Perkins
> https://csperkins.org/
>
>


-- 
Best regards,
Dmitry Khovratovich