On Tue, Oct 31, 2023 at 14:57:58 +0100, Daniel Kiper wrote: > Adding a few folks who were working on this... > > On Tue, Oct 31, 2023 at 11:39:36AM +0000, Leah Rowe via Grub-devel wrote: > > i'm not sure if the grub devs have seen this or not. anyway, see > > attached patches. i didn't make these myself but i'm sending them here. > > it's the PHC (password hash competition) implementation of argon2, > > adapted for the grub source code. i've been using this in libreboot and > > it works very well, allows use of cryptomount on modern LUKS2 with > > argon2 key deriv, so you don't need to downgrade to luks1 or pbkdf2 > > anymore. i wrote about it here: https://libreboot.org/news/argon2.html > > > > one thing to note is that though the code is free software, it's a > > permissive non-copyleft license; i still think grub should make use of > > it, regardless. grub has lacked argon2 for years now, and re-writing it > > will probably be a lot of wasted effort if the phc one works. > > > > the phc implementation was originally adapted by someone named Axel, to > > the archlinux aur for grub 2.06: > > https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git&id=1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d > > > > nicholas johnson (https://nicholasjohnson.ch/) contacted me telling me > > he'd re-adapted the code for grub 2.12, on top of the rc1 tag. i then > > started using it in libreboot's grub. > > > > it would be nice if this could make it into the grub 2.12 release! the > > patches are attached. > > > > PS: the original PHC code is here: > > https://github.com/P-H-C/phc-winner-argon2 > > It seems to me this is based on Patrick Steinhardt work. AFAICT Patrick > is going to repost new version of the patch set after the release. So, > I hope it will be included in the GRUB 2.14. We are not able to take this > patch set into upcoming release in this stage of development. Sorry > about that... >
Patrick also mentioned that he'd prefer it if the bundled gcrypt was updated to a version with Argon2 support rather than adapting the reference implementation, but that it is "a _major_ effort". [1] - Oskari [1]: https://lore.kernel.org/grub-devel/Y3xs82f11kZSSi5I@ncase/
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
