tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Changing the default localcipher in passwd.conf to argon2id



I'm concerned that -Wno-error is specified for all argon2 sources.

At least, please convert it to per-file and per-warning flags before
switching it to the default.

IMO, changing the default is not too late if it is done after
netbsd-10 is branched.

Thanks,
rin

On 2021/10/21 5:39, nia wrote:
I want to change the default cipher in passwd.conf to
Argon2id, for these reasons:

- Argon2id is resistant to GPU-based password cracking attacks.
- Argon2id is resistant to side channel attacks.
- It allows us to dynamically scale the CPU time and memory required
   to compute a password hash, making hashes that are strong and
   difficult to crack on fast machines, while not making you wait
   an unreasonable amount of time to log in on slow machines.

The work to integrate Argon2 into NetBSD was done in 2019 and in
the past few weeks I've been cleaning up the code, making sure
we match the reference implementation, adding tests and documentation,
etc.

I've tested the Argon2 implementation and determined it's correct
and usable on:

- amd64 (Ryzen, Haswell...)
- aarch64 (QEMU)
- shark
- macppc (G4)
- sparc (50MHz, Argon2id shaves 7 seconds off login time compared to
   the current default.)



Home | Main Index | Thread Index | Old Index