mollyim / mollyim-android

Enhanced and security-focused fork of Signal.
GNU Affero General Public License v3.0

Use HMAC-SHA384 on 64-bit devices for MAC keys #252

Closed ghost closed 6 months ago

ghost commented 6 months ago

Is there an existing request for this?

Feature description

Molly currently uses HMAC-SHA256 for generating MAC keys¹, which are entangled with the output of Argon2. HMAC-SHA384 should be used on 64-bit devices, since SHA-384 is much faster than SHA-256 on 64-bit devices. SHA-384 also has both 384-bit preimage and second-preimage resistance².

¹https://discuss.grapheneos.org/d/8976-signal-vs-molly-vs-molly-foss/43
²https://dl.acm.org/doi/pdf/10.5555/2206194

valldrac commented 6 months ago

Thanks for the suggestion!

We've taken a closer look, and while SHA-384 has its merits, we'll continue with SHA-256. The encryption keys are 256 bits, so aligning it with hash function sizes just feels right. Plus, modern devices have specific crypto processors that handle HMAC-SHA256 well, regardless of the main CPU bit size.