keybase / triplesec

Triple Security for the browser and Node.js

Home Page: https://keybase.io/triplesec

V4

maxtaco opened this issue · comments

As per Dustin's recommendations, consider Argon2 rather than scrypt, and also newly FIPS-certified SHA3 final rather than our Keccak precursor.

I would also recommend, as others have suggested, moving the signatures to the end of the output stream since they are calculated/verified last. A 32-bit ciphertext length would be good to detect truncation and can be rolled into the signature calculation as a precaution.

The Argon2 library has come to GitHub and is under active development. As such it's a bit fluid at the moment, but should have links to various builds for use in JS, Node, Go, Python, and hopefully I'll have a version for C#.

https://github.com/P-H-C/phc-winner-argon2

I think a version 1.3 release of Argon2 is soon forthcoming

@veorq presented on Argon2 at a recent conference; the release is stable now and starting to see use in the wild. https://bsideslv2016.sched.org/event/7YOA/whats-up-argon2-the-password-hashing-winner-a-year-later

Is there still a planned release for V4?

I finally got around to porting the Argon2 library to a .NET friendly C++ version. You can find it here:
https://github.com/SparkDustJoe/Argon2Managed

I would, at this point, also suggest replacing XSalsa20 with either ChaCha20, or NORX64-6-2 (if it survives the CAESAR stream cipher competition, currently underway). ChaCha20 is an evolution of Salsa with better bit diffusion. NORX uses a similar scrambling technique to ChaCha and a sponge construction akin to Keccak. NORX replaces all the addition operations with an XOR-Shift approximate equivalent (the name NORX comes from Not-Addition Rotation XOR). It also has optional Header/Footer inputs for chaining or adding other strings.

Version 4 as published (with the only change being the removal of Twofish) has been implemented in my port for C#, so I'm going to recommend closing this issue. The discussion of what should replace Twofish (if anything) and scrypt (such as Argon2) for V5 should be a separate thread/issue.

The final CAESAR portfolio has been announced: https://competitions.cr.yp.to/caesar-submissions.html