Hi David, thanks for the quick feedback.
> Quite nice. I'd be inclined to support something like it. Strongly suggest, > however, that you specify either > > - (1) some variant of Scrypt > - (2) one of the PHC R2 competitors Lyra2 or Catena. > > If (1), I'd suggest Scrypt(hash=HChaCha20, kdf=Shake255) This was also Cure53's suggestion, but we decided to go with PBKDF2-SHA256 and AES-GCM for version 1 of the protocol due to performance constraints e.g. in the iOS WebView. It would totally make sense to have an scrypt based option for version 2 though. > I'll -- in the next couple of weeks -- be making available a PNaCl > implementation of this. It can also be implemented efficiently in JS, > though the only published correct implementation of Shake I know of > compiles coruus/keccak-tiny via Emscripten... Cool. Unfortunately we can't use PNaCl since our app has to run on iOS, Android and Windows Runtime as well as Chrome. But there is an emscripten port called js-nacl if I recall correctly. Tankred -- Sent from Whiteout Mail - https://whiteout.io My PGP key: https://keys.whiteout.io/[email protected] -- Whiteout Networks GmbH c/o Werk1 Grafinger Str. 6 D-81671 München Geschäftsführer: Oliver Gajek RG München HRB 204479
pgpSgmTGJHkq1.pgp
Description: PGP signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
