Re: [Cfrg] draft-irtf-cfrg-argon2 variable-length hash function size
Loup Vaillant-David <loup@loup-vaillant.fr> Thu, 21 May 2020 16:35 UTC
Return-Path: <loup@loup-vaillant.fr>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C7A23A086B for <cfrg@ietfa.amsl.com>; Thu, 21 May 2020 09:35:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8DR90cT_Vh7S for <cfrg@ietfa.amsl.com>; Thu, 21 May 2020 09:35:11 -0700 (PDT)
Received: from smtp.loup-vaillant.fr (smtp.loup-vaillant.fr [92.243.1.174]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 710A03A084B for <cfrg@irtf.org>; Thu, 21 May 2020 09:35:10 -0700 (PDT)
Received: from grey-fade (lns-bzn-60-82-254-246-40.adsl.proxad.net [82.254.246.40]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: loup) by smtp.loup-vaillant.fr (Postfix) with ESMTPSA id 9948D32C2; Thu, 21 May 2020 18:25:16 +0200 (CEST)
Message-ID: <ac2f7ae8eae7812176764111e521d7311bdbd58c.camel@loup-vaillant.fr>
From: Loup Vaillant-David <loup@loup-vaillant.fr>
To: Matthew Endsley <mendsley@gmail.com>, cfrg@irtf.org
Date: Thu, 21 May 2020 18:35:06 +0200
In-Reply-To: <CAGgBLUtTES2sig=Y+7X18Vk=MnZ4Kxg023icjGZiTuaTBhvzDw@mail.gmail.com>
References: <CAGgBLUtTES2sig=Y+7X18Vk=MnZ4Kxg023icjGZiTuaTBhvzDw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ktxSIa2m4hE_mecAP-lFeEKZi78>
Subject: Re: [Cfrg] draft-irtf-cfrg-argon2 variable-length hash function size
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2020 16:35:14 -0000
Hi, I implemented Argon2i for Monocypher, and checked that it does the same as Libsodium. I can confirm you want the output of the extended hash to cover 1024 bytes. H'(1024) indeed. Loup. On Wed, 2020-05-20 at 14:58 -0700, Matthew Endsley wrote: > While implementing argon2 from draft-10, I either incorrectly > interpreted a section or there is an error describing the variable- > length hash function H'. > > Section 3.2 lists the operations to perform the Argon2 hash. > > This describes the hash function H^x() having an output size of x > bytes. > > Steps 3 and 4 calculate the initial blocks B[i][0] and B[i][1] as the > result of the variable length hash H'^(128). > > I believe this is supposed to be H'^(1024) as the intent is to fill > the entire 1kib block. Using H'^(128) only fills 128 bytes, and > generates the incorrect values for the test vectors. H'^(1024) fills > the entire block and generates the correct values for the test > vectors. > > Matt > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] draft-irtf-cfrg-argon2 variable-length has… Matthew Endsley
- Re: [Cfrg] draft-irtf-cfrg-argon2 variable-length… Loup Vaillant-David