Comment by ncruces

2 years ago

I used the parameters suggested in the documentation [1], which follow the RFC.

The KDF is invoked every time a connection is opened iff you specify your key with the textkey= parameter. It is ill advised to overuse this, especially if you don't use connection pooling, as it makes opening connections slow. You can bypass the KDF by providing your own 256-bit key using either the hexkey= or key= parameters (key= cannot embed NULLs).

I agree pepper confusing (because the pepper is supposedly secret), but this is not a salt either, as a salt is supposed to be public, but unique. Do you have better naming that you can suggest?

Anyway, I forgot to do this, but the intention was for the pepper to be changeable as a build parameter. Thanks for reminding me!

[1] https://pkg.go.dev/golang.org/x/crypto/argon2#IDKey

8 comments

ncruces

Reply
d-z-m  2 years ago

> I used the parameters suggested in the documentation [1], which follow the RFC

Where in the RFC is your parameter set mentioned? I don't see it anywhere[0]. The only parameter set I see mentioned with memory requirement as low as 64 MiB have t=3, not t=1. I believe the Go documentation might be outdated.

[0]: https://datatracker.ietf.org/doc/rfc9106/

> I agree pepper confusing (because the pepper is supposedly secret), but this is not a salt either, as a salt is supposed to be public, but unique. Do you have better naming that you can suggest?

If it's tweakable at build, perhaps pepper makes more sense.

  • ncruces  2 years ago

    Yep, I just made it tweakable at build, which was always the intent, although I expect the default to be popular.

    https://github.com/ncruces/go-sqlite3/blob/67d859a5/vfs/adia...

    That's unfortunate about the default parameters, but note that you can also replace the KDF altogether (besides just not using it).

    You just need to implement this interface, with any HBSH construction and KDF:

    https://github.com/ncruces/go-sqlite3/blob/67d859a5/vfs/adia...

    If you keep the HBSH and change the KDF, your file format will be “compatible.”

    • d-z-m  2 years ago

      > That's unfortunate about the default parameters, but note that you can also replace the KDF altogether (besides just not using it).

      Right...I would argue if you're going to expose it to users as an option, your parameter set should meet the minimum hardness parameter set in the RFC. Yours is falling off the bottom.

      5 replies →