While it would be nice in some ways to be on the cutting edge of things, I'd prefer to stick with something more widely used today (bcrypt, scrypt, PBKDF2) while ensuring that the design allows for easily extending to something like argon2. Tyler On 2016-01-18 12:00:36, Sylvain Pelissier wrote: > Hi, > > I think it is a good idea to support stronger algorithms. As a new > hashing algorithm, you can also consider Argon2 algorithm, the winner > of the Password hashing compettion (https://password-hashing.net/). > The implementation is already available: > https://github.com/p-h-c/phc-winner-argon2. > Reagrds > > Sylvain > > On 18 January 2016 at 11:51, Wiebe Cazemier <wiebe@xxxxxxxxxxxx> wrote: > > Hi, > > > > What are the thoughts on implementing bcrypt as key derivation algorithm? I already found a TODO in the code that ecryptfs should support more algorithms than just SHA512 * 65536. I tried brute forcing this, and got no further than about 20/s, but on FPGAs/GPUs this would be a lot faster. > > > > It should be easy enough to borrow code from OpenSSH, which uses bcrypt in their secure new private key file format (ssh-keygen -o; their old format is pretty weak (MD5 once, encrypt with AES 128)). > > > > Questions: > > > > 1) The v2 wrapped does not have a field to indicate which algorithm is used (like /etc/shadow (crypt API) has). Does this necessitate a v3, which does have said field? > > > > 2) Are there objections to including BSD licensed code from OpenSSH? > > > > Regards, > > > > Wiebe > > -- > > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > > the body of a message to majordomo@xxxxxxxxxxxxxxx > > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: Digital signature
