|
Re: [openpgp] [PATCH] RFC4880bis: Argon2i
2015-11-05 05:35:05
There is not a lot of cryptocurrency standardisation going on in the IETF,
alas. What do you think about using the term "proof of work" in the title
instead? It appears to be the cryptographic property that cryptocurrencies (and
other applications!) want from a primitive. I perceive that other PoW-ideas may
be standardized in the IETF before currencies are.
Have you or anyone provided security reductions for Argon2 btw? Similar to the
reductions that are available for Catena. They would help to substantiate any
claims in the document that Argon2 is secure for its intended uses.
/Simon
Alex Biryukov <alex(_dot_)biryukov(_at_)uni(_dot_)lu> skrev: (5 november 2015
12:07:17 CET)
We discussed it briefly, would it be possible to add "cryptocurrency"
to
the title to cover two main usage areas. Then it would make sense to
keep
both Argon2i and Argon2d in the standard.
"The memory-hard Argon2 password and cryptocurrency hash function
draft-josefsson-argon2-00
On Thu, Nov 5, 2015 at 9:25 AM, Simon Josefsson
<simon(_at_)josefsson(_dot_)org>
wrote:
We have now pushed out a -00 strawman on Argon2 in ID form:
https://tools.ietf.org/html/draft-josefsson-argon2-00
I'm not happy with the explanation of the H' and G functions, and the
permutation P (from BLAKE2b) and the indexing section are missing.
Reference code in a higher-level language like python would be
useful.
If those things, and an ASN.1 schema is added, I believe the document
would be good to go.
We need to have an IETF discussion whether we are interested in the
Argon2d non-side-channel safe variant. The Argon2 paper implies that
the Argon2i side-channel safe variant is for "dangerous settings"
where
you need side-channel safety. For Internet use I believe we have
already passed the point where we can ignore side-channel concerns,
since they have been used in several successful attacks already.
This
could be resolved in the security considerations, but I'm concerned
about giving people too much rope here.
/Simon
Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> writes:
Hiya,
One way to handle this might be to add the winners as
co-authors on the Internet-draft. In that case, the
draft boilerplate text says that you're following the IETF
IPR rules and hence would have filed an IPR declaration
if one was needed. And if none is needed, we'd be done.
I'm sure we can figure other options but the above would
be easiest from the IETF point of view.
Cheers,
S.
On 03/11/15 11:56, Joseph Lorenzo Hall wrote:
Congratulations btw on winning the competition!
Kathleen and Stephen can confirm, but I believe you don't have to
do
anything in terms of adding any language in this case (no patent
issued/sought, patent pending, etc.). When/if the document is
adopted by
the working group, the chair will request any disclosures.
On Tuesday, November 3, 2015, Alex Biryukov
<alex(_dot_)biryukov(_at_)uni(_dot_)lu>
wrote:
Hi all,
We were not intending to patent it, so we can add a sentence
about it.
Suggestions of lawyer-happy phrases are welcome.
Alex
On Tue, Nov 3, 2015 at 10:47 AM, Joseph Lorenzo Hall
<joe(_at_)cdt(_dot_)org
<javascript:_e(%7B%7D,'cvml','joe(_at_)cdt(_dot_)org');>> wrote:
At IETF94 one question that came up in trying to move quickly to
support Argon2 is the potential IPR that might be in Argon2. The
code
available now [1] is CC0 which, AFAICT, doesn't have any patent
grant
or implication for patents, etc., meaning the authors could
still
claim something, precluding it from use without a waiver (or
whatever,
IANAL)
I'll CC the Argon2 authors (on the Argon2 spec [2]) here and see
if we
can clarify any potential IPR and whether that might affect
using it
in the future in OpenPGP.
best, Joe
[1]: https://github.com/p-h-c/phc-winner-argon2
[2]: https://password-hashing.net/argon2-specs.pdf
On Tue, Nov 3, 2015 at 5:20 PM, Simon Josefsson
<simon(_at_)josefsson(_dot_)org
<javascript:_e(%7B%7D,'cvml','simon(_at_)josefsson(_dot_)org');>> wrote:
Den Tue, 3 Nov 2015 07:45:44 +0100
skrev Re: [openpgp] [PATCH] RFC4880bis: Argon2i:
Hi Daniel,
If we introduce this as a normative dependency for OpenPGP,
though,
we might also want to have an IETF RFC for Argon2. Do you
know of
anyone working on such a draft?
Simon Josefsson has expressed interest in helping with that.
@Simon: are you working on this?
I started on an Argon2 draft but after talking to the Argon2
team we
decided to wait until Argon2 was finalized. I suppose now is a
good
time to resume that work. I'll put something up on gitlab.com
so
people can review and help. If anyone wants to help, please
let me
know and we'll coordinate something.
/Simon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
<javascript:_e(%7B%7D,'cvml','openpgp(_at_)ietf(_dot_)org');>
https://www.ietf.org/mailman/listinfo/openpgp
--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe(_at_)cdt(_dot_)org
<javascript:_e(%7B%7D,'cvml','joe(_at_)cdt(_dot_)org');>
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
--
---------------------------------
Prof. Dr. Alex Biryukov,
FSTC/CSC, University of Luxembourg,
6, rue Richard Coudenhove-Kalergi,
L-1359 Luxembourg-Kirchberg
LUXEMBOURG
Tel: +352 46 66 44 6793
Fax: +352 46 66 44 5500
--
Skickat från min Android-telefon med K-9 E-post. Ursäkta min fåordighet.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
|
|