----- Original Message ----- > From: "Sylvain Pelissier" <sylvain.pelissier@xxxxxxxxx> > To: "Wiebe Cazemier" <wiebe@xxxxxxxxxxxx> > Cc: ecryptfs@xxxxxxxxxxxxxxx > Sent: Monday, 18 January, 2016 12:00:36 PM > Subject: Re: bcrypt or other key derivation algorithm > > Hi, > > I think it is a good idea to support stronger algorithms. As a new > hashing algorithm, you can also consider Argon2 algorithm, the winner > of the Password hashing compettion (https://password-hashing.net/). > The implementation is already available: > https://github.com/p-h-c/phc-winner-argon2. > Reagrds > > Sylvain That's interesting. I wonder why nobody is talking about it. Bcrypt and scrypt are all the rage, and even those are not fully trusted by all, because they haven't withstood the test of time. Question remains though, I can't implement it without knowing what to do with the v2 wrapped passphrase file. I can think of something myself, but I'd rather do something that I know won't be rejected :) >From the source code: * Reads a version 2 wrapped passphrase file containing the following format: * * Octet 0: A ':' character * Octet 1: uint8_t value indicating file version (MUST be 0x02) * Octets 2-9: Wrapping salt * Octets 10-25: Signature of wrapping key (16 octets) * Octets 26-N1: Variable length field containing the encrypted * passphrase. (Up to 64 octets. Must be non-empty.) Would a v3 be in order?: * Octet 0: A ':' character * Octet 1: uint8_t value indicating file version (MUST be 0x03) * Octet 2: uint8_t id of hashing algorithm. * Octets 3-10: Wrapping salt * Octets 11-26: Signature of wrapping key (16 octets) * Octets 27-N1: Variable length field containing the encrypted * passphrase. (Up to 64 octets. Must be non-empty.) Regards, Wiebe -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html