Closed ghost closed 6 months ago
Thanks for the suggestion!
We've taken a closer look, and while SHA-384 has its merits, we'll continue with SHA-256. The encryption keys are 256 bits, so aligning it with hash function sizes just feels right. Plus, modern devices have specific crypto processors that handle HMAC-SHA256 well, regardless of the main CPU bit size.
Is there an existing request for this?
Feature description
Molly currently uses HMAC-SHA256 for generating MAC keys¹, which are entangled with the output of Argon2. HMAC-SHA384 should be used on 64-bit devices, since SHA-384 is much faster than SHA-256 on 64-bit devices. SHA-384 also has both 384-bit preimage and second-preimage resistance².
¹https://discuss.grapheneos.org/d/8976-signal-vs-molly-vs-molly-foss/43
²https://dl.acm.org/doi/pdf/10.5555/2206194
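An added example, not Molly's code and not from either participant: it counts the compression-function calls one HMAC needs under SHA-256 and SHA-384 for a short input (such as a 32-byte KDF output) and for bulk data, then times both on the local machine. The function names, the `mac-key` label, the 32-byte input and the truncation to 256 bits are assumptions made for illustration.

```python
import hashlib
import hmac
import time

def compression_calls(hash_name: str, msg_len: int) -> int:
    """Compression-function calls for one HMAC over msg_len bytes (key <= block size)."""
    h = hashlib.new(hash_name)
    block, digest = h.block_size, h.digest_size
    len_field = 8 if block == 64 else 16  # bytes of length in the final padding

    def blocks(n: int) -> int:
        # n input bytes + 0x80 marker + length field, rounded up to whole blocks
        return (n + 1 + len_field + block - 1) // block

    inner = blocks(block + msg_len)  # (key ^ ipad) block, then the message
    outer = blocks(block + digest)   # (key ^ opad) block, then the inner digest
    return inner + outer

def derive_mac_key(kdf_output: bytes, label: bytes, hash_name: str) -> bytes:
    """Hypothetical derivation: HMAC keyed with the KDF output, cut to 256 bits."""
    return hmac.new(kdf_output, label, hash_name).digest()[:32]

def time_hmac(hash_name: str, msg: bytes, rounds: int) -> float:
    """Average seconds per HMAC on this machine; varies by CPU and OpenSSL build."""
    key = bytes(32)
    start = time.perf_counter()
    for _ in range(rounds):
        hmac.new(key, msg, hash_name).digest()
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    kdf_output = bytes(range(32))  # constructed stand-in for a 32-byte Argon2 output
    for name in ("sha256", "sha384"):
        short = compression_calls(name, 32)
        bulk = compression_calls(name, 1 << 20)
        print(f"{name}: {short} calls for 32 B, {bulk} calls for 1 MiB")
        print(f"  32 B: {time_hmac(name, kdf_output, 20000) * 1e6:.2f} us/op")
        print(f"  1 MiB: {time_hmac(name, bytes(1 << 20), 20) * 1e3:.2f} ms/op")
        print(f"  key: {derive_mac_key(kdf_output, b'mac-key', name).hex()}")
```

For a short input both hashes need the same number of compression calls, so the larger SHA-384 block only reduces the call count on bulk data; the printed timings show how that plays out on the hardware at hand.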