IETF Logo Mail Archive

Re: [Cfrg] [MASSMAIL]Re: adopting Argon2 as a CFRG document

Paul Grubbs <pag225@cornell.edu> Thu, 28 January 2016 21:53 UTC

Return-Path: <pag225@cornell.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC0851A9112 for <cfrg@ietfa.amsl.com>; Thu, 28 Jan 2016 13:53:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.58
X-Spam-Level:
X-Spam-Status: No, score=-3.58 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jnW6vDWZQxLY for <cfrg@ietfa.amsl.com>; Thu, 28 Jan 2016 13:53:14 -0800 (PST)
Received: from limerock01.mail.cornell.edu (limerock01.mail.cornell.edu [128.84.13.241]) by ietfa.amsl.com (Postfix) with ESMTP id 06E921A910A for <Cfrg@irtf.org>; Thu, 28 Jan 2016 13:53:13 -0800 (PST)
X-CornellRouted: This message has been Routed already.
Received: from exchange.cornell.edu (sf-e2013-02.exchange.cornell.edu [10.22.40.49]) by limerock01.mail.cornell.edu (8.14.4/8.14.4_cu) with ESMTP id u0SLrCVJ031568 for <Cfrg@irtf.org>; Thu, 28 Jan 2016 16:53:13 -0500
Received: from sf-e2013-07.exchange.cornell.edu (10.22.40.54) by sf-e2013-02.exchange.cornell.edu (10.22.40.49) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 28 Jan 2016 16:53:12 -0500
Received: from mail-wm0-f42.google.com (74.125.82.42) by exchange.cornell.edu (10.22.40.54) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Thu, 28 Jan 2016 16:53:12 -0500
Received: by mail-wm0-f42.google.com with SMTP id p63so43698237wmp.1 for <Cfrg@irtf.org>; Thu, 28 Jan 2016 13:53:12 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=1bRSQB75abMy1x9PY/GkMZE9sSOLgE3ZAZpSKNEKFXU=; b=jjeiWme4D8TaX8yifhOfAFKcHCgXXx6B3ZnFzP9r0hWCHHM4jRt7vrWEEOe5VgldYp fKbhEM8WM3o1IRW2Ias7ToZTX+cZ47bW1pnPoe1DL7Aq0KS1gOZLF2k4rv1qKd01EVaq s1vbn4Wg8zwFuRUXOrz1C7xJd/+gNnBbVBSM4TX33HasbQaVxE0rf80IFvAdLxQkJuF+ l/uwj9DXFIoEFq0WmQBXCcGidFQCqs/qgdGQPlGut17EoNr4Sq04WgMaPVxD+FAn0jrL /BcZQU8iifxOz4PkPtwFxdrbPPoBwYsydfKR4zbxpgbA4rCVeY/94I4VdnHETnSD5E6n EXQA==
X-Gm-Message-State: AG10YOTZswLDI+A8EVyFWQdboQAp9iatmLQEqqH90qRvv8sXKTnbwMgm2yR7pNQskac7BQuemtqJlkz3mUYMuBy6PMzYkotiXJc3tSdmMybLKu0zcPWtU6PfbfhK2I0dpPi/9HGkjLyT3g9E08Vpff7RjPU=
X-Received: by 10.28.111.91 with SMTP id k88mr5075258wmc.86.1454017991451; Thu, 28 Jan 2016 13:53:11 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.28.111.91 with SMTP id k88mr5075236wmc.86.1454017991003; Thu, 28 Jan 2016 13:53:11 -0800 (PST)
Received: by 10.28.7.195 with HTTP; Thu, 28 Jan 2016 13:53:10 -0800 (PST)
In-Reply-To: <9f49e240b03d7b6156b0ed08912ef520@mail.tc26.ru>
References: <D2C82E57.60B44%kenny.paterson@rhul.ac.uk> <6D05C894-4D0D-4089-B4C1-40DF4FDE6C63@shiftleft.org> <D2C83321.60B6A%kenny.paterson@rhul.ac.uk> <9f49e240b03d7b6156b0ed08912ef520@mail.tc26.ru>
Date: Thu, 28 Jan 2016 16:53:10 -0500
Message-ID: <CAKDPBw8VGQo3WJV2hSe3tM3Tzm+Xp6OE7hds-BK5Vcv9ai1S3g@mail.gmail.com>
From: Paul Grubbs <pag225@cornell.edu>
To: Grigory Marshalko <marshalko_gb@tc26.ru>
Content-Type: multipart/alternative; boundary="001a1146978ed9e6b6052a6bf189"
Received-SPF: Neutral (sf-e2013-02.exchange.cornell.edu: 74.125.82.42 is neither permitted nor denied by domain of pag225@cornell.edu)
X-ORG-HybridRouting: a7d366b0f5b511ba4648f93eb946f9c7
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/k82h4A8VUhL1aN2CcbSXihN-VPs>
Cc: "cfrg@irtf.org" <Cfrg@irtf.org>
Subject: Re: [Cfrg] [MASSMAIL]Re: adopting Argon2 as a CFRG document
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2016 21:53:16 -0000

Would it be out of the question to ask the authors of Argon2 (or anybody,
really) to do a more formal analysis of its space-hardness? It would be
nice to have a proof (e.g. based on pebbling arguments) of some kind of
time-space tradeoff for Argon2.

On Thu, Jan 28, 2016 at 3:39 PM, Grigory Marshalko <marshalko_gb@tc26.ru>
wrote:

> Indeed, the PHC competition has significantly contributed to the design
> and analysis of password-hashing schemes. It's a nice mixture of crypto and
> engineering. So it would be desirable to wait until we understand the
> limits of attacks and corresponding countermeasures.
> The article on baloon hashing is a significant step forward for
> understanding these issues.
>
> Regards,
> Grigory Marshalko,
> expert,
> Technical committee for standardisation "Cryptography and security
> mechanisms" (ТC 26)
> www.tc26.ru
> 22 января 2016 г., 22:31, "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
> написал:
> > Mike,
> >
> > Thanks. The authors of the Argon2 design may in due course tweak their
> > design to avoid the identified problems, or argue that they are not
> > sufficiently worrisome to warrant a change to the design.
> >
> > We definitely need to factor this in to our deliberations, and we will
> > take the time to do so. Let's see how it plays out...
> >
> > Regards
> >
> > Kenny
> >
> > On 22/01/2016 19:20, "Mike Hamburg" <mike@shiftleft.org> wrote:
> >
> >> We might want to hold off on Argon2 — at least on finalizing it — until
> >> the team has
> >> responded to (and hopefully mitigated) the issues mentioned at
> >> https://eprint.iacr.org/2016/027. Essentially the problem is that
> Argon2
> >> can be computed
> >> in less space than advertised. The team said that they are planning a
> >> response, cf
> >> http://permalink.gmane.org/gmane.comp.security.phc/3606
> >>
> >> Cheers,
> >> — Mike
> >>
> >> On Jan 22, 2016, at 11:10 AM, Paterson, Kenny <
> Kenny.Paterson@rhul.ac.uk>
> >> wrote:
> >>
> >> Dear CFRG,
> >>
> >> Having received limited feedback either way from the group
> (specifically,
> >> one voice in favour), the CFRG chairs have decided to adopt
> >> https://tools.ietf.org/html/draft-josefsson-argon2-00 as a CFRG
> document.
> >>
> >> If you have objections or concerns, please reply to this email or
> directly
> >> to CFRG chairs.
> >>
> >> Sincerely,
> >>
> >> Kenny Paterson (for the chairs)
> >>
> >> On 06/11/2015 11:47, "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
> wrote:
> >>
> >> Hi Stephen,
> >>
> >> Yes, the chairs are amenable to this. We've been keeping an eye on the
> >> password hashing competition and were planning a work item in this area.
> >>
> >> Any comments from the group, either supporting or objecting to us
> adopting
> >> this draft in the RG?
> >>
> >> Cheers,
> >>
> >> Kenny
> >>
> >> (for the chairs)
> >>
> >> On 06/11/2015 02:18, "Cfrg on behalf of Stephen Farrell"
> >> <cfrg-bounces@irtf.org on behalf of
> >> stephen.farrell@cs.tcd.ie> wrote:
> >>
> >> The password hashing competition has a winner and some folks
> >> in the openpgp wg are interested in using that winner. I guess
> >> this might be better processed via cfrg if folks are amenable
> >> to that.
> >>
> >> Thanks,
> >> S.
> >>
> >> _______________________________________________
> >> Cfrg mailing list
> >> Cfrg@irtf.org
> >> https://www.irtf.org/mailman/listinfo/cfrg
> >
> > _______________________________________________
> > Cfrg mailing list
> > Cfrg@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email