On Thu, Jun 1, 2017 at 7:59 PM, Seth Arnold <[email protected]> wrote:
> PBKDF2 is also fairly old; I believe most cryptographers would prefer
> argon2, scrypt, or bcrypt to PBKDF2, with a grudging acceptance that if
> you have to sell into the FIPS marketplace you may not have a choice.
> Do we have a choice?
>

It's true that my selection of PBKDF2 was influenced by my previous work on FIPS-enabled crypto projects. I think in this case it's valuable to have FIPS compliance in our back pocket.

In truth, the entire security model here needs to be improved in the long-term. I feel that this is really a stopgap until we get to a full PKI solution for MAAS.

This particular key derivation scheme doesn't really add a huge amount of security; if an attacker discovers the MAAS shared secret, it's already "game over", so to speak. So I don't particularly mind what the key derivation algorithm is, because it's not even password-based at all, which makes it inherently stronger. The MAAS shared secret is 16 random bytes, so brute force attacks are already impractical. This scheme is just for "defense in depth".

Regards,
Mike
--
Maas-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/maas-devel
