🔒 Password security is crucial for developers and system administrators. OpenLDAP does offer MD5 & SHA1, but these are insecure. Learn in the latest blog post how to compile OpenLDAP with the secure argon2 algorithm and set it as the default.
https://www.puzzle.ch/de/blog/articles/2023/08/08/enhancing-openldap-security-with-argon2
#cybersicherheit #argon2 #openldap #passwortsicherheit
Hi @sc00bz and @epixoip, I recently came across your recommendations not to (blindly) use #Argon2 as a #PHF (but it's a good #KDF) due to this requiring runtimes that make it (usually) inapplicable for password hashing. Or, phrased differently, it would require lowering security parameters in order to stay performant, so much that the security of the hashing would be compromised.
The #Bcrypt article on Wikipedia put forth a similar claim but without any citations and phrased a bit misleadingly (IMO). I've adjusted the article and added two citations. If you have time, I'd be glad if you could give some feedback on this, as there are only few citable sources on this and I'm by no means an expert on the matter:
https://en.wikipedia.org/w/index.php?title=Bcrypt&diff=prev&oldid=1157855165
Thank you!
Can anyone tell me if this re-encryption (digest) of cryptsetup is factually secure against brute-force attacks and actually doesn't take 4 years to open the device (modern CPU, Ryzen 2700X)?
cryptsetup luksChangeKey --pbkdf argon2id --hash sha512 --iter-time X --pbkdf-memory Y --pbkdf-parallel Z <device>
cryptsetup-reencrypt --pbkdf=argon2id --hash=sha512 --iter-time=X2 --pbkdf-memory=Y2 --pbkdf-parallel=Z2 <device>
I am looking for proper values for X, X2, Y, Y2, Z and Z2, knowing the CPUs are a Ryzen 5 3XXXH and an Intel Gen 11 (laptop).
I ask because I know these settings for pbkdf2 but not for argon2id.
#security #encryption #argon2 #argon2id
Thank you for sounding the alert!
I identified a minor issue with your otherwise nice explanation: According to my sources (man cryptsetup, #rfc9106), all #argon2 varieties are memory-hard. RFC 9106 is even titled “Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications”.
However, given that there are known attacks against #argon2i, it seems wise to use #argon2id instead. It is also what is recommended in the RFC.
As a #QubesOS user, I just checked the state of affairs there:
The cryptsetup that comes with QubesOS 3.x used #luks1, and those who did an in-place upgrade to 4.x still have that unless they converted to #luks2 manually (as detailed in the migration guide).
The cryptsetup in QubesOS 4.x uses #luks2, but it still defaults to #argon2i unfortunately.
#luks2 #luks1 #qubesos #Argon2id #argon2i #argon2 #rfc9106
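An added example, not part of the post above or of cryptsetup itself: a Python check that reads `cryptsetup luksDump` text and reports every keyslot whose PBKDF is not argon2id, which is the LUKS1 and argon2i situation the post describes. The sample dump is constructed, and `audit_keyslots` is a hypothetical helper name.

```python
import re
import sys

# Constructed sample, laid out like `cryptsetup luksDump` output for LUKS2.
SAMPLE_DUMP = """\
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2i
        Time cost:  4
        Memory:     1048576
        Threads:    4
  1: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  6
        Memory:     1048576
        Threads:    4
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
"""

def audit_keyslots(dump):
    """Return [(slot, pbkdf, ok)]; ok is True only for argon2id."""
    version = re.search(r"^Version:\s*(\d+)", dump, re.M)
    if version and version.group(1) == "1":
        # LUKS1 keyslots are always PBKDF2; report the header as a whole.
        return [("luks1-header", "pbkdf2", False)]
    results, section, slot = [], None, None
    for line in dump.splitlines():
        if re.match(r"^\S.*:\s*$", line):      # top-level heading, e.g. "Keyslots:"
            section, slot = line.strip().rstrip(":"), None
        elif section == "Keyslots":            # skip Digests: not a passphrase keyslot
            m = re.match(r"^\s+(\d+):\s+\S+", line)
            if m:
                slot = m.group(1)
            m = re.match(r"^\s+PBKDF:\s+(\S+)", line)
            if m and slot is not None:
                results.append((slot, m.group(1), m.group(1) == "argon2id"))
    return results

if __name__ == "__main__":
    text = SAMPLE_DUMP if sys.stdin.isatty() else sys.stdin.read()
    for slot, kdf, ok in audit_keyslots(text):
        print(f"keyslot {slot}: {kdf} -> {'ok' if ok else 'convert to argon2id'}")
```

Piping the output of `cryptsetup luksDump <device>` into the script audits a real header; run without piped input, it falls back to the constructed sample.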
OpenSSL merged the Argon2 KDF
#cryptography #openssl #argon2
Yay #bitwarden now offers the #argon2 KDF algorithm in addition to the standard PBKDF algorithm. After hearing @leo and Steve Gibson talk about it on #securitynow, I’m switching over. Not messing with the other KDF settings.
#bitwarden #argon2 #securitynow
Bitwarden is one step away from finishing the implementation of the Argon2 KDF.
The last two pull requests have been merged into the code.
#bitwarden #kdf #algorithm #security #argon2 #opensource
Just to show you how small the world is: a few months ago I needed to implement #argon2 as a password hashing algorithm at the suggestion of @roziscoding, then I arrived in Sweden and found out that the guy who plays Tibia with me is the one who implemented the lib 🤯 https://github.com/ranisalt/node-argon2
RFC 9106: Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications
There are cases where one deliberately tries to reduce the efficiency of a computer program. Thus #Argon2, specified in this #RFC, is deliberately very demanding in memory and in accesses to that memory. This function can be used to hash passwords, or for proof-of-work systems.
New release of UniquePasswordBuilder with argon2 & PWA support https://paulgreg.me/UniquePasswordBuilder/ Thanks @pmiossec for that contribution and many others. Addon update should follow. #passwordmanager #argon2 #pwa