[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: State of Argon2 support
|
From: |
Nikolaos Chatzikonstantinou |
|
Subject: |
Re: State of Argon2 support |
|
Date: |
Wed, 24 Jan 2024 01:23:55 -0500 |
On Wed, Jan 24, 2024 at 12:46 AM Nikolaos Chatzikonstantinou
<nchatz314@gmail.com> wrote:
>
> On Wed, Jan 24, 2024 at 12:05 AM Nikolaos Chatzikonstantinou
> <nchatz314@gmail.com> wrote:
> >
> > On Tue, Jan 23, 2024 at 11:58 AM Daniel Kiper <dkiper@net-space.pl> wrote:
> > >
> > > On Thu, Jan 04, 2024 at 10:49:06AM -0500, Nikolaos Chatzikonstantinou
> > > wrote:
> > > > On Mon, Jan 1, 2024 at 2:48 PM Patrick Steinhardt <ps@pks.im> wrote:
> > > > >
> > > > > Indeed. There are two different ways to implement Argon2 support in
> > > > > GRUB:
> > > > >
> > > > > - Use the reference implementation of Argon2.
> > > > >
> > > > > - Update libgcrypt to a newer version.
> > > > >
> > > > > Problem is that upgrading the bundled libgcrypt library is not trivial
> > > > > at all. I've tried multiple times, and every single time I quickly
> > > > > gave
> > > > > up. There's simply too many things that have changed, and GRUB does
> > > > > have
> > > > > quite a lot of patches on top of the current bundled version of the
> > > > > library. Regardless of that it would be the right thing to do, because
> > > > > in the long run we do want an up-to-date version of libgrcypt
> > > > > regardless
> > > > > of Argon2 support anyway.
> > > >
> > > > That is interesting! Maybe I can give it a try.
> > > >
> > > > It seems to me that my game plan is to find the two versions of
> > > > libgcrypt (old and new) and read the NEWS file carefully for how to
> > > > migrate.
> > >
> > > If you manage to do that it would be perfect...
> > >
> > > If you have any questions or need help drop me a line.
> >
> >
> > Dear Daniel,
> >
> > Thank you for offering your help, you motivated me to look into this.
> > I would like to ask, where is the libgcrypt source code bundled with
> > grub from? I checked that the files are not from the libgcrypt
> > repository in <git://git.gnupg.org/libgcrypt.git>.
>
> Of course I misused my own tool by using it under the wrong CWD. This works:
>
> cd grub-core/lib/libgcrypt && find . print0 | gitsearchdigest -C
> /path/to/libgcrypt_repo
>
> With some fiddling via `git log $commit --pretty="tformat:%H %ct" -1`
> and sorting on the unix timestamp I got the libgcrypt commit 897ccd2
> from March of 2016 . I have a decent starting point now.
My apologies for the repeated messages, but I came up with just one
more question that I'm curious about. To summarize my questions:
1. Where is the libgcrypt bundle from grub from? I think my
investigation has led me around version 1.7.0 of libgcrypt, but if I
can get a precise commit or version, that would be useful.
... and now to my new question:
2. What is the reason libgcrypt is bundled as opposed to a regular dependency?
Thank you,
Nikolaos Chatzikonstantinou
- Re: State of Argon2 support, Patrick Steinhardt, 2024/01/01
- Re: State of Argon2 support, Nikolaos Chatzikonstantinou, 2024/01/04
- Re: State of Argon2 support, Daniel Kiper, 2024/01/23
- Re: State of Argon2 support, Nikolaos Chatzikonstantinou, 2024/01/24
- Re: State of Argon2 support, Nikolaos Chatzikonstantinou, 2024/01/24
- Re: State of Argon2 support,
Nikolaos Chatzikonstantinou <=
- Re: State of Argon2 support, Daniel Kiper, 2024/01/25
- Re: State of Argon2 support, Nikolaos Chatzikonstantinou, 2024/01/26
- Re: State of Argon2 support, Patrick Steinhardt, 2024/01/26
- Re: State of Argon2 support, Daniel Kiper, 2024/01/26
- Re: State of Argon2 support, Daniel Kiper, 2024/01/26
- Re: State of Argon2 support, Vladimir 'phcoder' Serbinenko, 2024/01/26
- Re: State of Argon2 support, Nikolaos Chatzikonstantinou, 2024/01/30