[prev in list] [next in list] [prev in thread] [next in thread]
List: cfrg
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-argon2-10.txt
From: Colin Perkins <csp () csperkins ! org>
Date: 2020-04-13 13:08:48
Message-ID: 7BE09503-5662-4E1B-A306-154841668A8D () csperkins ! org
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
> On 9 Apr 2020, at 12:22, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> On 09/04/2020 10:05, Milan Broz wrote:
> > On 07/04/2020 01:41, Stephen Farrell wrote:
> > > I did an IRSG review for -09. This addresses all the issues
> > > that I found there, except one, and that being (I think)
> > > the most important one;-)
> > >
> > > The issue: What is a "primary variant" and what is an
> > > implementer supposed to do?
> > >
> > > The above is a quote from my review of -09. Apologies if I
> > > missed some change in -10 that addresses this.
> > >
> > > Let me make a suggestion: state that argon2id is mandatory
> > > to implement, and that the other variants are not.
> >
> > Argon2id is combination of Argon2i + Argon2d, so implementing
> > all three variants should be quite easy (code must be there anyway,
> > it is just about providing external interface to it).
> >
> > I think all variants should be mandatory... and as I understand
> > the current RFC draft (3.1 section), it already says so:
> >
> > o Type y of Argon2: MUST be 0 for Argon2d, 1 for Argon2i, 2 for
> > Argon2id.
> >
> > (We use Argon2 in cryptsetup/LUKS2 and Argon2i (not id) is
> > currently the primary variant for the key derivation.
> > For compatibility with existing devices we need support
> > for all three variants. But obviously, this is just one use case,
> > RFC is more generic.)
>
> I'd also be fine with all being mandatory to implement
> but would prefer just one. Even if there's not much cost,
> in terms of code, there would be follow on cost in terms
> of assigning code-points at higher layers, and in terms
> of the arguments that will ensue about which code-point
> to use/assign in various contexts. Providing more options
> at this level is usually a bad plan that's unfortunately
> attractive to many cryptographers;-)
>
> But my main ask is just that it be clear what's expected
> of an implementer, so we get better interop.
I agree with Stephen that the draft needs to be more explicit about which variants \
need to be implemented.
--
Colin Perkins
https://csperkins.org/
[Attachment #5 (unknown)]
<html><head><meta http-equiv="Content-Type" content="text/html; \
charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: \
space; line-break: after-white-space;" class=""><div>Hi,</div><div><br \
class=""><blockquote type="cite" class=""><div class="">On 9 Apr 2020, at 12:22, \
Stephen Farrell <<a href="mailto:stephen.farrell@cs.tcd.ie" \
class="">stephen.farrell@cs.tcd.ie</a>> wrote:</div><div class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">On 09/04/2020 10:05, Milan Broz \
wrote:</span><br style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; \
font-size: 10px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""><blockquote type="cite" style="font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; \
text-indent: 0px; text-transform: none; white-space: normal; widows: auto; \
word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class="">On 07/04/2020 01:41, Stephen Farrell wrote:<br \
class=""><blockquote type="cite" class="">I did an IRSG review for -09. This \
addresses all the issues<br class="">that I found there, except one, and that being \
(I think)<br class="">the most important one;-)<br class=""><br class="">The issue: \
What is a "primary variant" and what is an<br class="">implementer supposed to do?<br \
class=""><br class="">The above is a quote from my review of -09. Apologies if I<br \
class="">missed some change in -10 that addresses this.<br class=""><br class="">Let \
me make a suggestion: state that argon2id is mandatory<br class="">to implement, and \
that the other variants are not.<br class=""></blockquote><br class="">Argon2id is \
combination of Argon2i + Argon2d, so implementing<br class="">all three variants \
should be quite easy (code must be there anyway,<br class="">it is just about \
providing external interface to it).<br class=""><br class="">I think all variants \
should be mandatory... and as I understand<br class="">the current RFC draft \
(3.1 section), it already says so:<br class=""><br class="">o Type y of Argon2: \
MUST be 0 for Argon2d, 1 for Argon2i, 2 for<br \
class=""> Argon2id.<br class=""><br class="">(We use \
Argon2 in cryptsetup/LUKS2 and Argon2i (not id) is<br class="">currently the primary \
variant for the key derivation.<br class="">For compatibility with existing devices \
we need support<br class="">for all three variants. But obviously, this is just one \
use case,<br class="">RFC is more generic.)<br class=""></blockquote><br \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""><span style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: \
10px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" class="">I'd also be \
fine with all being mandatory to implement</span><br style="caret-color: rgb(0, 0, \
0); font-family: Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">but would prefer just one. Even if \
there's not much cost,</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">in terms of code, there would be \
follow on cost in terms</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">of assigning code-points at higher \
layers, and in terms</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">of the arguments that will ensue \
about which code-point</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">to use/assign in various contexts. \
Providing more options</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">at this level is usually a bad \
plan that's unfortunately</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">attractive to many \
cryptographers;-)</span><br style="caret-color: rgb(0, 0, 0); font-family: \
Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: normal; \
font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; \
text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><br \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" \
class=""><span style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: \
10px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none; float: none; display: inline !important;" class="">But my main \
ask is just that it be clear what's expected</span><br style="caret-color: rgb(0, 0, \
0); font-family: Inconsolata; font-size: 10px; font-style: normal; font-variant-caps: \
normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: \
0px; text-transform: none; white-space: normal; word-spacing: 0px; \
-webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span \
style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; font-size: 10px; \
font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: \
normal; text-align: start; text-indent: 0px; text-transform: none; white-space: \
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; \
float: none; display: inline !important;" class="">of an implementer, so we get \
better interop.</span><br style="caret-color: rgb(0, 0, 0); font-family: Inconsolata; \
font-size: 10px; font-style: normal; font-variant-caps: normal; font-weight: normal; \
letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; \
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; \
text-decoration: none;" class=""></div></blockquote></div><div class=""><br \
class="webkit-block-placeholder"></div><div class="">I agree with Stephen that the \
draft needs to be more explicit about which variants need to be implemented. <br \
class=""><br class="">-- <br class="">Colin Perkins<br class=""><a \
href="https://csperkins.org/" class="">https://csperkins.org/</a><br class=""><br \
class=""><br class=""><br class="">
</div>
<br class=""></body></html>
_______________________________________________
Cfrg mailing list
Cfrg@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic