Closed nerun closed 1 year ago
I don't know about that and therefore this is no clarification whatsoever. But maybe it provides some intel? I noticed this note in the README of kdf dir:
Base64 vs hexencode
-------------------
While base64 is easier to use (shell command, more compact), pbkdf2 use hex
in its specifications.
This could be solved with an option (-x for hex, defaults to base64)
And I interpret it that it was there to follow the spec more closely.
Thinking about the age of gtomb and the argument that pbkdf is kinda dated, one may look into adopting argon2 if there is a revisit of gtomb?
Edit: To clarify further: Point being that argon2i is seen as superior and the chance is high it is available from the distribution repos or even already installed.
Reopened it.
I agree with you. Argon2i is more up to date.
But is tomb-kdb-hexencode still used in the main code? Or does it just use Base64 as default? My PR #478 removed the tomb-kdb-hexencode check to use KDF to create a key with gtomb.
Exploring the extras/kdf-keys and tomb (current and old versions), it seems that tomb-kdb-hexencode was NEVER used. Apparently pbkdf2 has its own hex encode source code inside tomb-kdf-pbkdf2*.
Thanks for checking that. I didn't want to state something just relying on what I remember, but can confirm that AFAIK it was never used.
Thank you @jaromil and @Narrat for all the help. I will update extras/gtomb to include argon2 as an alternative to pbkdf2.
beware the addition of argon2 affects also the core tomb script, because it requires a new option in the header (first line of key file) stating argon2 and parameters.
Shouldn't this be covered already? As tomb got argon2 support with #432 ?
I forgot that I did that 😅 perhaps because I am not yet using it in my workflow, just planning to 😅😅
I noticed that none of the packages from the Debian (Buster oldstable, Buster backports and Bookworm testing) and Ubuntu (jammy at least) repositories come with the tomb-kdb-hexencode binary.
It's easy to compile, of course. And Debian Buster, Ubuntu and Mint have libgcrypt20-dev, easy to install with the virtual package apt install libgcrypt-dev.
But what is the purpose of tomb-kdb-hexencode? And why does tomb, even when we use --kdf, work without it?
I am asking because I am revising extras/gtomb (again) and the forge step asks for tomb-kdb-* files (line 259). But tomb-kdb-hexencode is obviously missing. So no KDF can be used with the gtomb tool; one should use the terminal instead.