While I'm unable to contribute as a developer due to time constraints, I
certainly wouldn't mind volunteering for testing things before a GA
release, should there be a need for it.

On Sun, Jan 12, 2025, 9:04 AM Alex Gaynor <alex.gay...@gmail.com> wrote:

> There's a request for KMAC,
> https://github.com/pyca/cryptography/issues/12141. Thus far no work
> has happened on it. If you're interested in contributing, we're happy
> to review a PR.
>
> Alex
>
> On Sun, Jan 12, 2025 at 12:02 PM Sriram R via Cryptography-dev
> <cryptography-dev@python.org> wrote:
> >
> > Robert,
> >
> > Appreciate the links to the articles, read them and they are very
> > informative.
> >
> > RFC 5869 does have this phrase:
> >
> > One significant example is the derivation of cryptographic
> >    keys from a source of low entropy, such as a user's password.  The
> >    extract step in HKDF can concentrate existing entropy but cannot
> >    amplify entropy.
> >
> > This statement sounds like keys derived from a user's password might be
> > weaker than keys derived from random input keying material. Is that not how
> > one should interpret this statement in the RFC?
> >
> > Based on the popularity of password-based KDF, I'm guessing this is not
> > a concern?
> >
> > To the pyca/cryptography team:
> >
> > Is the development of a KMAC module on the roadmap? And if so, kindly
> > requesting to share the timeline for planning purposes. My team has a
> > requirement to implement quantum-resistant algorithms when and where
> > possible and since KMAC is quantum-resistant we're very much interested
> > in adopting it.
> >
> >
> > Best,
> >
> > PE
> >
> >
> > On Sat, Jan 11, 2025 at 4:57 PM Robert Moskowitz <r...@htt-consult.com> wrote:
> >>
> >> read
> >>
> >> RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
> >>      H. Krawczyk, P. Eronen. May 2010. (Format: TXT, HTML) (Status:
> >>      INFORMATIONAL) (DOI: 10.17487/RFC5869)
> >>
> >> On the proper way to use a keyed SHA2 hash as a KDF.
> >>
> >> Hash chains built off a secret key are considered not safe.
> >>
> >> For SHA3, KMAC (NIST SP800-185) is a proven KDF.
> >>
> >> See:
> >>
> >> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf
> >>
> >> Sec 4.4.
> >>
> >> I have had the privilege of direct conversations with Dr. Krawczyk even
> >> prior to his presentation on keyed hash attacks in 1995 and the reason for
> >> the HMAC (RFC2104) construct.
> >>
> >> And I have had the privilege of following along with Team Keccak on the
> >> development of what is now SHA3 and its derivatives. We are finally seeing
> >> an uptick in replacing HMAC/HKDF with KMAC.
> >>
> >> On 1/10/25 17:00, Sriram R via Cryptography-dev wrote:
> >>
> >> Hello,
> >>
> >> I'm generating a key using Scrypt from a password supplied by the user.
> >> I then use this key as follows. This works but my question to the experts:
> >> is this an acceptable way to use the AESGCMSIV cipher? Am I doing something
> >> that's fundamentally against best practices? In the examples on the
> >> Cryptography site, the sample code snippet uses AESGCMSIV.generate_key()
> >> method to generate the key instead. The requirement I have is to generate
> >> the key that's based on a password.
> >>
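> >> import secrets
> >>
> >> from cryptography.hazmat.primitives.ciphers.aead import AESGCMSIV
> >> from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
> >>
> >> def gen_salt(size=32):
> >>   return secrets.token_bytes(size)
> >>
> >> def der_key(salt, password):
> >>   # Scrypt is memory-hard: n=2**20 with r=8 needs about 1 GiB per derivation.
> >>   kdf = Scrypt(salt=salt, length=32, n=2**20, r=8, p=1)
> >>   return kdf.derive(password.encode())
> >>
> >> def gen_symmkey(salt, password):
> >>   symmkey = der_key(salt, password)
> >>   return symmkey
> >>
> >> # salt, password, nonce, file_data, aad and fname are not shown in this snippet.
> >> key = gen_symmkey(salt, password)
> >> aesgcmsiv = AESGCMSIV(key)
> >>
> >> ct = aesgcmsiv.encrypt(nonce, file_data, aad)
> >> with open(fname, "wb") as outfile:
> >>   outfile.write(ct)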
> >>
> >> Best,
> >> PE
> >>
> >>
> >> _______________________________________________
> >> Cryptography-dev mailing list
> >> Cryptography-dev@python.org
> >> https://mail.python.org/mailman/listinfo/cryptography-dev
> >>
> >>
>
> --
> All that is necessary for evil to succeed is for good people to do nothing.
>