Re: [dev] securiy guidance

From: Sergey Matveev <>
Date: Sat, 10 Mar 2018 17:47:25 +0300

*** Michael Forney [2018-03-08 22:10]:
>I'm no expert either (so follow this at your own risk), but I also did
>some investigation, and I think either of the following schemes would

This scheme seems ok and some kind of classical one. Simple and working.

>It's not clear to me if it's okay to use the plain crypto_argon2i with
>just a fixed secret salt. A related scheme might be to use
>crypto_argon2i_general with a salt generated for each encryption and a
>single saved key. Then, the salts could be stored as plain text the
>output file (and probably authenticated with crypto_lock_aead).
>Perhaps one benefit is if someone somehow figured out the encryption
>key for one password, they still wouldn't be able to decrypt the

According to the manual, _general supports keyed hashing of additional
data. In your context there is no need to authenticate something
additional. So _general is useless here. You can generate salt for each
encryption -- nothing wrong with that, but you are assuming that
adversary could compromise your password. I assume that single
passphrase is used to encrypt all the passwords, so different salts
won't help your here. In my opinion, different separate salts bring
nothing to security.


Personally I do not like this setup. Anyway, all security depends on the
passphrase human need to input. Never use asymmetric cryptography when
you have to. Your password-encryption task obviously does not need any
kind of asymmetry.

>For (2) I'm not sure if the nonce is necessary or not, since passwords
>are encrypted with randomly generated single-use keys (so maybe a
>fixed value is sufficient; it is still only used once per key).

When keys are guaranteed to be unique and used only once (for one
encryption/decruption) -- it is safe to use zero nonce.

Sergey Matveev (
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF

Received on Sat Mar 10 2018 - 15:47:25 CET

This archive was generated by hypermail 2.3.0 : Sat Mar 10 2018 - 16:00:28 CET