grub-devel

Re: State of Argon2 support


From: Nikolaos Chatzikonstantinou
Subject: Re: State of Argon2 support
Date: Wed, 24 Jan 2024 00:05:16 -0500

On Tue, Jan 23, 2024 at 11:58 AM Daniel Kiper <dkiper@net-space.pl> wrote:
>
> On Thu, Jan 04, 2024 at 10:49:06AM -0500, Nikolaos Chatzikonstantinou wrote:
> > On Mon, Jan 1, 2024 at 2:48 PM Patrick Steinhardt <ps@pks.im> wrote:
> > >
> > > Indeed. There are two different ways to implement Argon2 support in
> > > GRUB:
> > >
> > >   - Use the reference implementation of Argon2.
> > >
> > >   - Update libgcrypt to a newer version.
> > >
> > > Problem is that upgrading the bundled libgcrypt library is not trivial
> > > at all. I've tried multiple times, and every single time I quickly gave
> > > up. There are simply too many things that have changed, and GRUB does have
> > > quite a lot of patches on top of the current bundled version of the
> > > library. Regardless of that, it would be the right thing to do, because
> > > in the long run we do want an up-to-date version of libgcrypt regardless
> > > of Argon2 support anyway.
> >
> > That is interesting! Maybe I can give it a try.
> >
> > It seems to me that my game plan is to find the two versions of
> > libgcrypt (old and new) and read the NEWS file carefully for how to
> > migrate.
>
> If you manage to do that it would be perfect...
>
> If you have any questions or need help drop me a line.


Dear Daniel,

Thank you for offering your help; you motivated me to look into this.
I would like to ask, where is the libgcrypt source code bundled with
grub from? I checked that the files are not from the libgcrypt
repository in <git://git.gnupg.org/libgcrypt.git>. My method was to
search for the SHA-1 sums with `git rev-list` and `git rev-parse`. I
automated the task by writing a Python script which I called
"gitsearchdigest" (you can grab it from
<https://github.com/createyourpersonalaccount/gitsearchdigest>).

What I did was run this command:

    cd grub-core/lib/libgcrypt/src
    find . -print0 | gitsearchdigest -C /path/to/libgcrypt_repo

However, it came out blank, which, if my script is correct, means that
the files under grub-core/lib/libgcrypt/src do not ever appear in
their exact form in the git repository of libgcrypt. I made a manual
visual check on ChangeLog-2011 and it appeared to be modified.

Thus my conclusion is that grub has files that never appeared in the
libgcrypt repository, and it makes my attempt to upgrade it much
harder unless I can find out where they came from.

Regards,
Nikolaos Chatzikonstantinou
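
The provenance check described in this message, as an added example that is not part of the original e-mail and is not the code of gitsearchdigest: it computes the git blob ID of every file under a directory and asks the upstream clone whether an identical blob exists. It assumes a SHA-1 object-format repository and uses `git cat-file --batch-check` instead of the `git rev-list` / `git rev-parse` search mentioned above; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Report which files under a directory exist byte-for-byte as blobs in a git repo."""
import hashlib
import os
import subprocess
import sys


def git_blob_sha1(data: bytes) -> str:
    # Git names a blob by SHA-1 over the header "blob <size>\0" plus the content.
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()


def parse_batch_check(output: str) -> set:
    # `git cat-file --batch-check` prints "<id> <type> <size>" for objects it has
    # and "<id> missing" for those it does not.
    present = set()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1] == "blob":
            present.add(fields[0])
    return present


def classify(tree: str, repo: str) -> dict:
    # Map each regular file under `tree` to True if the repo holds an identical blob.
    ids = {}
    for root, _dirs, names in os.walk(tree):
        for name in names:
            path = os.path.join(root, name)
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    ids[path] = git_blob_sha1(fh.read())
    if not ids:
        return {}
    out = subprocess.run(
        ["git", "-C", repo, "cat-file", "--batch-check"],
        input="\n".join(sorted(set(ids.values()))) + "\n",
        capture_output=True, text=True, check=True,
    ).stdout
    present = parse_batch_check(out)
    return {path: oid in present for path, oid in ids.items()}


if __name__ == "__main__":
    # Assumed invocation: script.py grub-core/lib/libgcrypt/src /path/to/libgcrypt_repo
    tree, repo = sys.argv[1], sys.argv[2]
    for path, found in sorted(classify(tree, repo).items()):
        print("FOUND  " if found else "ABSENT ", path)
```

A match requires byte-identical content, so a file carrying any local modification reports ABSENT even when it derives from an upstream revision.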


