Re: [openpgp] The Argon2 proposal seems incomplete (Draft 6)
Justus Winter <justus@sequoia-pgp.org> Tue, 26 July 2022 16:52 UTC
Return-Path: <justus@sequoia-pgp.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF977C13CCC6 for <openpgp@ietfa.amsl.com>; Tue, 26 Jul 2022 09:52:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ARjQNuIJ1p5D for <openpgp@ietfa.amsl.com>; Tue, 26 Jul 2022 09:52:23 -0700 (PDT)
Received: from harrington.uberspace.de (harrington.uberspace.de [185.26.156.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 081BCC13C506 for <openpgp@ietf.org>; Tue, 26 Jul 2022 09:51:36 -0700 (PDT)
Received: (qmail 30309 invoked by uid 500); 26 Jul 2022 16:51:33 -0000
Authentication-Results: harrington.uberspace.de; auth=pass (plain)
From: Justus Winter <justus@sequoia-pgp.org>
To: Bruce Walzer <bwalzer@59.ca>
Cc: openpgp@ietf.org
In-Reply-To: <YuAErZRsF/KbOw1s@watt.59.ca>
References: <YuAErZRsF/KbOw1s@watt.59.ca>
Date: Tue, 26 Jul 2022 18:51:25 +0200
Message-ID: <87edy7keb6.fsf@thinkbox>
MIME-Version: 1.0
Content-Type: text/plain
X-Rspamd-Bar: /
X-Rspamd-Report: MIME_GOOD(-0.1) MID_RHS_NOT_FQDN(0.5) BAYES_HAM(-0.000089)
X-Rspamd-Score: 0.39991
Received: from unknown (HELO unkown) (::1) by harrington.uberspace.de (Haraka/2.8.28) with ESMTPSA; Tue, 26 Jul 2022 18:51:33 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/NVdcXv3oEsk3sERz9bPLNh2BvlM>
Subject: Re: [openpgp] The Argon2 proposal seems incomplete (Draft 6)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2022 16:52:24 -0000
Bruce Walzer <bwalzer@59.ca> writes: > The Argon2 proposal seems incomplete (Draft 6) > > This fell out of a discussion on a different thread. I think I can now > express this in a more coherent way. Don't split threads like that. At best it looks like an obvious attempt of leaving the dissenting voices behind. > Argon2 is a hash with a primary benefit of memory hardness intended to > prevent efficient attacks from GPU/FPGA/ASIC hash crackers. Argon2 is the winner of the 2015 Password Hashing Competition. Its utility is beyond doubt. > OpenPGP is a messaging standard and has to be such that > interoperability is possible between different systems. That is at > odds with normal Argon2 usage. If you are doing pre-shared key encryption, you have to communicate the key to the recipient, hence you do know in what context the data will be decrypted. Even if you don't, let's say you are archiving some data, experience tells us that available memory will grow, not shrink, so whatever memory you can supply now for the encryption, you can be sure that the future recipient will have enough to decrypt it. > I think that more work needs to be done here to generate a valid > proposal. At this point it is not clear to me that such a proposal is > even possible. We might have to in the end consider other > approaches. As it is, we are basically dumping a complicated > technology into a long term standard with all the knobs exposed with > the hope that someone will come along later and find an effective use > for it. It is not complicated. It is not new. It is widely implemented, and the RFC gives recommendation for the parameters. Note that for the legacy S2K mechanisms, even though there are multiple knobs, the RFC gives no guidance whatsoever. If you have a counter-proposal for a password-to-key derivation mechanism, please produce a constructive proposal. Best, Justus
- [openpgp] The Argon2 proposal seems incomplete (D… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Justus Winter
- Re: [openpgp] The Argon2 proposal seems incomplet… Werner Koch
- Re: [openpgp] The Argon2 proposal seems incomplet… Paul Wouters
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… brian m. carlson
- Re: [openpgp] The Argon2 proposal seems incomplet… Stephen Farrell
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- [openpgp] OpenPGP encryption block modes (Was: Th… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes (Was… Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes (Was… Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes (Was… Benjamin Kaduk
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Daniel Huigens
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes Aron Wussler
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Aron Wussler
- Re: [openpgp] OpenPGP encryption block modes (Was… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP encryption block modes (Was… Marcus Brinkmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes brian m. carlson
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes brian m. carlson
- Re: [openpgp] OpenPGP encryption block modes Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes Peter Gutmann
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes Daniel Huigens
- Re: [openpgp] OpenPGP encryption block modes Werner Koch
- Re: [openpgp] OpenPGP encryption block modes (Was… Stephen Farrell
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] OpenPGP encryption block modes (Was… Marcus Brinkmann
- Re: [openpgp] OpenPGP encryption block modes (Was… Bruce Walzer
- Re: [openpgp] The Argon2 proposal seems incomplet… Ángel
- Re: [openpgp] The Argon2 proposal seems incomplet… Daniel Kahn Gillmor