grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PATCHES: argon2 key derivation for luks2


From: Oskari Pirhonen
Subject: Re: PATCHES: argon2 key derivation for luks2
Date: Sun, 5 Nov 2023 01:40:57 -0500

On Tue, Oct 31, 2023 at 14:57:58 +0100, Daniel Kiper wrote:
> Adding a few folks who were working on this...
> 
> On Tue, Oct 31, 2023 at 11:39:36AM +0000, Leah Rowe via Grub-devel wrote:
> > i'm not sure if the grub devs have seen this or not. anyway, see
> > attached patches. i didn't make these myself but i'm sending them here.
> > it's the PHC (password hash competition) implementation of argon2,
> > adapted for the grub source code. i've been using this in libreboot and
> > it works very well, allows use of cryptomount on modern LUKS2 with
> > argon2 key deriv, so you don't need to downgrade to luks1 or pbkdf2
> > anymore. i wrote about it here: https://libreboot.org/news/argon2.html
> >
> > one thing to note is that though the code is free software, it's a
> > permissive non-copyleft license; i still think grub should make use of
> > it, regardless. grub has lacked argon2 for years now, and re-writing it
> > will probably be a lot of wasted effort if the phc one works.
> >
> > the phc implementation was originally adapted by someone named Axel, to
> > the archlinux aur for grub 2.06:
> > https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git&id=1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d
> >
> > nicholas johnson (https://nicholasjohnson.ch/) contacted me telling me
> > he'd re-adapted the code for grub 2.12, on top of the rc1 tag. i then
> > started using it in libreboot's grub.
> >
> > it would be nice if this could make it into the grub 2.12 release! the
> > patches are attached.
> >
> > PS: the original PHC code is here:
> > https://github.com/P-H-C/phc-winner-argon2
> 
> It seems to me this is based on Patrick Steinhardt work. AFAICT Patrick
> is going to repost new version of the patch set after the release. So,
> I hope it will be included in the GRUB 2.14. We are not able to take this
> patch set into upcoming release in this stage of development. Sorry
> about that...
> 

Patrick also mentioned that he'd prefer it if the bundled gcrypt was
updated to a version with Argon2 support rather than adapting the
reference implementation, but that it is "a _major_ effort". [1]

- Oskari

[1]: https://lore.kernel.org/grub-devel/Y3xs82f11kZSSi5I@ncase/

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]