Open maxtaco opened 9 years ago
I would also recommend, as others have suggested, moving the signatures to the end of the output stream since they are calculated/verified last. A 32-bit ciphertext length would be good to detect truncation and can be rolled into the signature calculation as a precaution.
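A sketch of the layout suggested in the comment above, added here as an example; it is not TripleSec code and not part of the original comment. It assumes a single HMAC-SHA512 tag stands in for the signatures, a big-endian length field, and a constructed key, header and ciphertext; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha512().digest_size  # 64-byte HMAC-SHA512 tag (assumed choice)

# Constructed sample values, for illustration only.
SAMPLE_KEY = bytes(range(32))
SAMPLE_HEADER = b"HDR\x00\x00\x00\x04"   # placeholder header, not the real one
SAMPLE_CT = b"\xaa" * 100                # stands in for real ciphertext


def seal(mac_key: bytes, header: bytes, ciphertext: bytes) -> bytes:
    """Emit header || len32 || ciphertext || tag, with the tag written last."""
    if len(ciphertext) > 0xFFFFFFFF:
        raise ValueError("ciphertext does not fit a 32-bit length field")
    length = struct.pack(">I", len(ciphertext))
    # The length field is covered by the MAC, so it cannot be edited to
    # match a shortened stream without the tag check failing.
    mac = hmac.new(mac_key, header + length, hashlib.sha512)
    mac.update(ciphertext)  # a streaming writer would feed chunks here
    return header + length + ciphertext + mac.digest()


def open_sealed(mac_key: bytes, header_len: int, blob: bytes) -> bytes:
    """Return the ciphertext if the length field and trailing tag both verify."""
    if len(blob) < header_len + 4 + TAG_LEN:
        raise ValueError("truncated: shorter than header + length + tag")
    header = blob[:header_len]
    length = blob[header_len:header_len + 4]
    (declared,) = struct.unpack(">I", length)
    body = blob[header_len + 4:]
    # Cheap truncation check before any MAC work is done.
    if len(body) != declared + TAG_LEN:
        raise ValueError("truncated or padded: length field mismatch")
    ciphertext, tag = body[:declared], body[declared:]
    mac = hmac.new(mac_key, header + length, hashlib.sha512)
    mac.update(ciphertext)
    if not hmac.compare_digest(mac.digest(), tag):
        raise ValueError("authentication failed")
    return ciphertext
```
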
The Argon2 library has come to GitHub and is under active development. As such it's a bit fluid at the moment, but should have links to various builds for use in JS, Node, Go, Python, and hopefully I'll have a version for C#.
I think a version 1.3 release of Argon2 is soon forthcoming.
@veorq presented at a recent conference on Argon2; the release is stable now and starting to see use in the wild. https://bsideslv2016.sched.org/event/7YOA/whats-up-argon2-the-password-hashing-winner-a-year-later
Is there still a planned release for V4?
I finally got around to porting the Argon2 library to a .NET friendly C++ version. You can find it here: https://github.com/SparkDustJoe/Argon2Managed
I would, at this point, also suggest replacing XSalsa20 with either ChaCha20, or NORX64-6-2 (if it survives the CAESAR stream cipher competition, currently underway). ChaCha20 is an evolution of Salsa with better bit diffusion. NORX uses a similar scrambling technique to ChaCha and a sponge construction akin to Keccak. NORX replaces all the addition operations with an XOR-Shift approximate equivalent (the name NORX comes from Not-Addition Rotation XOR). It also has optional Header/Footer inputs for chaining or adding other strings.
Version 4 as published (with the only change being the removal of TwoFish) has been implemented in my port for C#, so I'm going to recommend closing this issue. The discussion of what should replace TwoFish (if anything) and SCRYPT (such as Argon2) for V5 should be a separate thread/issue.
The final CAESAR portfolio has been announced: https://competitions.cr.yp.to/caesar-submissions.html
As per Dustin's recommendations, consider Argon2 rather than scrypt, and also newly FIPS-certified SHA3 final rather than our Keccak precursor.