Message-ID: <9A043F3CF02CD34C8E74AC1594475C73F4ADA7D0@uxcn10-5.UoA.auckland.ac.nz>
Date: Fri, 14 Aug 2015 06:06:01 +0000
From: Peter Gutmann <pgut001@...auckland.ac.nz>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] Argon2 improvement thread
Krisztián Pintér <pinterkr@...il.com> writes:
>1, I propose not doing allocation within the hash function at all. memory
>should be a void* parameter to a buffer to use. rationale: there are different
>ways of allocating memory. on embedded systems, there might be no heap at all,
+1.
>2, I propose taking the password and the salt in a pre-padded, fixed size
>block. rationale: it might not be straightforward how to copy the password
>from a buffer in a manner that does not leak the password length.
Counterargument: If there's a need to do this, then the Argon implementers are
going to do a much better job than some random developer who isn't even aware
of side-channel attacks, let alone how to deal with them.
>5, the result should be a binary of the designed length. no encoding or
>parameter-prepending is necessary. rationale: it is the task of the outer
>layers.
+1. PKCS #7/CMS/PGP/etc already do this for you, so you don't need to encode
parameters yourself.
Peter.
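Proposal 2 above (the pre-padded, fixed-size password block) as an added example in C; this is an editor's illustration, not code from the thread or from Argon2. The block layout, the precondition that the caller's buffer is readable for the full PW_MAX_LEN bytes, and the function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: PW_MAX_LEN password bytes, zero padded, then one byte
   holding the length so the hash core can still bind it. */
#define PW_BLOCK_LEN 256u
#define PW_MAX_LEN   (PW_BLOCK_LEN - 1u)

/* Build the fixed-size block from a caller buffer. Precondition (assumed):
 * pw_buf has at least PW_MAX_LEN readable bytes, the password in the first
 * pw_len of them (e.g. a fixed-size input buffer). All PW_MAX_LEN bytes are
 * read and all PW_BLOCK_LEN bytes are written whatever pw_len is, so neither
 * the memory-access pattern nor the branch sequence depends on the length.
 * Returns 0 on success, -1 if the password does not fit (a public fact). */
int pw_block_fill(uint8_t block[PW_BLOCK_LEN],
                  const uint8_t *pw_buf, size_t pw_len)
{
    if (pw_len > PW_MAX_LEN)
        return -1;
    for (size_t i = 0; i < PW_MAX_LEN; i++) {
        /* keep = 0xFF when i < pw_len, else 0x00: the sign bit of (i - pw_len)
           in unsigned arithmetic, with no data-dependent branch */
        uint8_t keep = (uint8_t)(0u - (uint8_t)((i - pw_len) >> (sizeof(size_t) * 8u - 1u)));
        block[i] = pw_buf[i] & keep;   /* password byte or zero padding */
    }
    block[PW_MAX_LEN] = (uint8_t)pw_len;
    return 0;
}

/* Zero the block after use; volatile stores are not elided as dead code. */
void pw_block_wipe(uint8_t block[PW_BLOCK_LEN])
{
    volatile uint8_t *p = block;
    for (size_t i = 0; i < PW_BLOCK_LEN; i++) p[i] = 0;
}

/* Self-check on constructed input: stale bytes after the password in the
   caller buffer must not reach the block. Returns 1 on success. */
int pw_block_selftest(void)
{
    uint8_t buf[PW_MAX_LEN], blk[PW_BLOCK_LEN];
    memset(buf, 'X', sizeof buf);               /* stale data past the password */
    memcpy(buf, "hunter2", 7);
    if (pw_block_fill(blk, buf, 7) != 0) return 0;
    if (memcmp(blk, "hunter2", 7) != 0 || blk[7] != 0 || blk[PW_MAX_LEN] != 7) return 0;
    if (pw_block_fill(blk, buf, 0) != 0 || blk[0] != 0 || blk[PW_MAX_LEN] != 0) return 0;
    if (pw_block_fill(blk, buf, PW_BLOCK_LEN) != -1) return 0;
    pw_block_wipe(blk);
    return blk[0] == 0 && blk[PW_MAX_LEN] == 0;
}
```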