Cyclone<p>New version of <a href="https://infosec.exchange/tags/hashgen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hashgen</span></a> published.</p><p>Changelog:<br>v1.1.0; 2025-03-19<br>added modes: <a href="https://infosec.exchange/tags/base58" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>base58</span></a>, <a href="https://infosec.exchange/tags/argon2id" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>argon2id</span></a>, <a href="https://infosec.exchange/tags/bcrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bcrypt</span></a> w/custom cost factor</p><p><a href="https://forum.hashpwn.net/post/89" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">forum.hashpwn.net/post/89</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/hashgenerator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hashgenerator</span></a> <a href="https://infosec.exchange/tags/hashcracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hashcracking</span></a> <a href="https://infosec.exchange/tags/hashcat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hashcat</span></a> <a href="https://infosec.exchange/tags/hashpwn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hashpwn</span></a> <a href="https://infosec.exchange/tags/cyclone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclone</span></a> <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golang</span></a></p>
ohai.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A cozy, fast and secure Mastodon server where everyone is welcome. Run by the folks at ohai.is.
Administered by:
Server stats:
1.8Kactive users
ohai.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-nightly.2025-04-15
#argon2id
0 posts · 0 participants · 0 posts today
🅴🆁🆄🅰 🇷🇺Про #<a class="" href="https://hub.hubzilla.de/search?tag=GRUB" rel="nofollow noopener" target="_blank">GRUB</a> можно позабыть уже несколько лет как — явно находится под чьим-то влиянием и до сих пор отказывается реализовать поддержку #<a class="" href="https://hub.hubzilla.de/search?tag=LUKS" rel="nofollow noopener" target="_blank">LUKS</a> 2-й версии, в части использования #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2" rel="nofollow noopener" target="_blank">Argon2</a> / #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2id" rel="nofollow noopener" target="_blank">Argon2id</a>.<br><br>Важно это потому, что в мире полно ферм для майнинга криптовалют, так или иначе арестованных органами общественного правопорядка. Это изначально специализированные #<a class="" href="https://hub.hubzilla.de/search?tag=ASIC" rel="nofollow noopener" target="_blank">ASIC</a> для перебора значений hash-функций. В результате, стало возможным взламывать грубой силой почти все варианты дискового шифрования, если для хранения пароля используются обычные #<a class="" href="https://hub.hubzilla.de/search?tag=PBKDF2" rel="nofollow noopener" target="_blank">PBKDF2</a> / #<a class="" href="https://hub.hubzilla.de/search?tag=PBKDF" rel="nofollow noopener" target="_blank">PBKDF</a>, не адаптированные под противодействие крипто-майнинговым фермам. Примером, нормальной современной #<a class="" href="https://hub.hubzilla.de/search?tag=PBKDF" rel="nofollow noopener" target="_blank">PBKDF</a> является тот же #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2" rel="nofollow noopener" target="_blank">Argon2</a> и его вариации.<br><br>Альтернатива в том, что позволяет тот же #<a class="" href="https://hub.hubzilla.de/search?tag=systemd-boot" rel="nofollow noopener" target="_blank">systemd-boot</a>. Например, для полнодискового шифрование через LUKS берётся SSD/NVMe разбитый через #<a class="" href="https://hub.hubzilla.de/search?tag=GPT" rel="nofollow noopener" target="_blank">GPT</a> с выделением раздела EFI System Partition, на котором размещаются образы #<a class="" href="https://hub.hubzilla.de/search?tag=initrd" rel="nofollow noopener" target="_blank">initrd</a> / #<a class="" href="https://hub.hubzilla.de/search?tag=initramfs" rel="nofollow noopener" target="_blank">initramfs</a> и бинарники загрузчика systemd-boot являющиеся EFI-приложением.<br><br>Всё содержимое EFI System Partition может проверяться Secure Boot'ом — быть заверены своим собственным сертификатом в дереве. Не только бинарники, но и текстовые *.conf файлы в /boot/loader/entries/ описывающие каждый вариант загрузки. Поскольку они содержат такие вещи как:<br><pre><code>title ... — как зовётся в меню загрузочном<br>linux /vmlinuz-6.6-x86_64 — какое ядро ОС использовать<br>initrd /intel-ucode.img — какой микрокод процессора грузить<br>initrd /initramfs-6.6-x86_64.img — сам загрузочный образ<br>...<br>options quiet — могут быть и в одну строчку все сразу<br>options splash<br>options rd.udev.log_level=3<br>options systemd.show_status=auto<br>options sysrq_always_enabled=1<br>options intel_iommu=on<br>options iommu=pt<br>...</code></pre><br>Т.е. файлы *.conf могут содержать всякие опции/параметры ядра, отвечающие за безопасность работы системы. Например, раздачей <a href="https://habr.com/ru/news/712476/" rel="nofollow noopener" target="_blank">таких рекомендаций</a> недавно развлекался #<a class="" href="https://hub.hubzilla.de/search?tag=%D0%A4%D0%A1%D0%A2%D0%AD%D0%9A" rel="nofollow noopener" target="_blank">ФСТЭК</a> (вот оригинал официальной <a href="https://fstec.ru/normotvorcheskaya/informatsionnye-i-analiticheskie-materialy/2590-informatsionnoe-soobshchenie-fstek-rossii-ot-30-dekabrya-2022-g-n-240-22-6933" rel="nofollow noopener" target="_blank">публикации</a>).<br><br>Про различия в вариантах #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2" rel="nofollow noopener" target="_blank">Argon2</a>, почему собственно RFC 9106 рекомендует использовать #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2id" rel="nofollow noopener" target="_blank">Argon2id</a> <ul><li> #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2d" rel="nofollow noopener" target="_blank">Argon2d</a> maximizes resistance to GPU cracking attacks. It accesses the memory array in a password dependent order, which reduces the possibility of time–memory trade-off (TMTO) attacks, but introduces possible side-channel attacks.</li><li> #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2i" rel="nofollow noopener" target="_blank">Argon2i</a> is optimized to resist side-channel attacks. It accesses the memory array in a password independent order.</li><li> #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2id" rel="nofollow noopener" target="_blank">Argon2id</a> is a hybrid version. It follows the #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2i" rel="nofollow noopener" target="_blank">Argon2i</a> approach for the first half pass over memory and the #<a class="" href="https://hub.hubzilla.de/search?tag=Argon2d" rel="nofollow noopener" target="_blank">Argon2d</a> approach for subsequent passes.</li></ul><br><br>#<a class="" href="https://hub.hubzilla.de/search?tag=linux" rel="nofollow noopener" target="_blank">linux</a> #<a class="" href="https://hub.hubzilla.de/search?tag=crypto" rel="nofollow noopener" target="_blank">crypto</a> #<a class="" href="https://hub.hubzilla.de/search?tag=lang_ru" rel="nofollow noopener" target="_blank">lang_ru</a>
Christian Pietsch (old acct.)<p><span class="h-card"><a href="https://nondeterministic.computer/@mjg59" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mjg59</span></a></span> </p><p>Thank you for sounding the alert!</p><p>I identified a minor issue with your otherwise nice explanation: According to my sources (man cryptsetup, <a href="https://digitalcourage.social/tags/rfc9106" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rfc9106</span></a>), all <a href="https://digitalcourage.social/tags/argon2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>argon2</span></a> varieties are memory-hard. RFC 9106 is even titled “Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications”.</p><p>However, given that there are known attacks against <a href="https://digitalcourage.social/tags/argon2i" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>argon2i</span></a>, it seems wise to use <a href="https://digitalcourage.social/tags/argon2id" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>argon2id</span></a> instead. It is also what is recommended in the RFC.</p><p>As a <a href="https://digitalcourage.social/tags/QubesOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QubesOS</span></a> user, I just checked the state of affairs there:</p><p>The cryptsetup that comes with QubesOS 3.x used <a href="https://digitalcourage.social/tags/luks1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>luks1</span></a>, and those who did an in-place upgrade to 4.x still have that unless they converted to <a href="https://digitalcourage.social/tags/luks2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>luks2</span></a> manually (as detailed in the migration guide).</p><p>The cryptsetup in QubesOS 4.x uses <a href="https://digitalcourage.social/tags/luks2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>luks2</span></a>, but it still defaults to <a href="https://digitalcourage.social/tags/argon2i" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>argon2i</span></a> unfortunately.</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload