Re: State of Argon2 support
From: Daniel Kiper
Subject: Re: State of Argon2 support
Date: Fri, 2 Feb 2024 15:10:14 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, Jan 30, 2024 at 10:18:20AM -0500, Nikolaos Chatzikonstantinou wrote:
> I want to share a small update:
>
> I'm reading the GRUB source code for the memory manager to get a bit
> acclimated. I was surprised to see libgcrypt depend on <stdio.h>.

Hmmm...

> Asking around, the monocypher library was brought to my attention,
> <https://monocypher.org/>. No external dependencies, the license is
> compatible, just two files monocypher.c and .h that can be bundled,
> supports argon2, and it's already used by some bootloaders/firmware
> (ArduPilot Project, Joulescope). It is however written in pure C99; it
> seems to me that it supports architectures that a C99 compiler can
> target.
>
> While the goal of upgrading libgcrypt is noble, it is a bit scary as
> libgcrypt seems difficult to navigate for me, the import_gcry.py
> script also being hard to read. So I have the following questions:
>
> 1) What are the cryptographic requirements of GRUB? I.e. which
> features and algorithms does GRUB require right now?
> 2) Can we include monocypher just for the purpose of unlocking
> argon2-configured luks2 partitions?
> 3) Is it of interest to replace libgcrypt entirely (if possible, with
> monocypher e.g.?)

If this change will not break (much) currently existing features and
will simplify the code, I am OK with doing this experiment.

> If the best plan to go ahead with is to upgrade libgcrypt, as I've
> said before, it would be good to know the version currently bundled
> with GRUB (I'm just reiterating this point.) But from my viewpoint,

Let me poke Vladimir once again...

> libgcrypt is a userland library with a wide range of features; perhaps
> not the most appropriate for a bootloader. I'm wondering if the
> reasons that led to choosing libgcrypt in the past for GRUB can be
> reevaluated now that there are more options for cryptographic
> libraries.

As I said above, I am OK with reevaluating the current libgcrypt approach.

Daniel