[Suggestion] Comparison Table between other encryption software #69
Comments
Sounds fun, I'll give it a go soon. I'm not sure how to do it in Markdown though, but I'll figure it out.

Why list PBKDF2 as orange? I would agree Argon2 is probably better but orange kind of implies that it has problems. You should probably be specific on what flavor of Argon2 you are using.

@ph00lt0, thanks for your input. The table is still very much a work in progress, so don't take it too seriously for now, since getting the formatting right was my main concern. But indeed, you raise a good point that I've briefly thought about too. I believe Argon2 is certainly superior to PBKDF2 in all regards, so I don't think the latter should get a green check mark, when a much more modern and secure Argon2 exists. At the same time though, it is also better than something like 7-Zip's homebrewed KDF, so I didn't put an X for it either. Do you get what I mean? What symbol and word do you think is most optimal? For the flavour, I don't think there is a big need for it, because they are all secure and reasonably similar when used correctly. I already specify Argon2id in the Internals.md, so if someone cares that much about which version of Argon2 is used, they'll probably read the Internals anyway.
I get what you mean, but I am afraid that the orange color will be perceived as a warning, for something insecure, while it really isn't. We all prefer Argon2, but PBKDF2 isn't anything bad. Maybe you should think more in a scoring like "good" and "very good". Thinking further about this, maybe you want to use the ✅ for PBKDF2 and the 🏅 for Argon2? That seems more fair. I know that you are using Argon2id, not sure about Nordlocker. I think if you make the comparison anyways it could be added.

What about 🆗 for PBKDF2? I think it fits nicely. It's OK in that it's not insecure, but ✅ feels more dominant as I like it. I don't really like using 🏅 because it kind of lacks consistency with the rest of the comparison where ✅ is the standard icon. Also, I've tried to look up what Argon NordLocker uses, but due to the closed-source nature, I haven't found anything. I know they use Libsodium, but that doesn't help because it could be using any of the three Argon versions. So if there is no other box with the Argon2 version, I don't see a need to add the 2id for Picocrypt since there is nothing to compare to anyway. What do you think?

🆗 LGTM. I also haven't been able to find what version they use. I think it would still be better to list it. The table doesn't really allow for it, but I would even prefer a mention of the version for Nordlocker being unknown. That also emphasizes why transparency is important imo. The table will probably be good as is for now, as indeed it can't be compared. I would like to suggest adding somewhere else in the readme a statement of Argon2id specifically, e.g. in the first paragraph now. That will allow other researchers to quickly identify what you are using so that you don't need to dig further, as with Nordlocker :)
Sounds good! I will find a place to add the 'id' to Argon2 near the beginning of the Readme. Thanks for the suggestions and help!

@bambirombi @ph00lt0 Do you guys think the table is sufficient? If so, I will add it to the main README. If there are any categories you would like me to also compare, please let me know.

Okay, I'll add the table into the main README. If there are any suggestions or feedback, feel free to reopen this issue or create a new one.

Sorry I missed this ping, but yeah looks alright!

All good, no worries!

It would be interesting to have a comparison table like this: https://www.cryfs.org/comparison (it is at the end of the page).
Some of the possible software to compare: cryfs (can be used with sirikali GUI), finalcrypt, cryptomator, veracrypt and zulucrypt.