New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Claimed issue with spec #183

Open
technion opened this Issue Jan 5, 2017 · 4 comments

Comments

Projects
None yet
4 participants
@technion
Contributor

technion commented Jan 5, 2017

Hi,

A concern has been raised here regarding a spec issue:

https://www.reddit.com/r/crypto/comments/5m8f32/found_a_small_error_in_argon2_spec/

I've logged this for the person who made the post, as they are not on GitHub.

@josephlr

This comment has been minimized.

Show comment
Hide comment
@josephlr

josephlr Jan 6, 2017

Contributor

It looks like they are correct. Compare the comment here: https://github.com/P-H-C/phc-winner-argon2/blob/master/src/core.c#L187-L189 to the spec on Page 7. There's a difference here.

My guess would be that the second part of the Mapping J1, J2 to the reference block index spec section (where we only use the 3 previous segments) got mixed up with the first part. It doesn't seem that bad because it only reduces the size of the reference area by about 7/8 on average, but the choice is still interesting. I can't speak to which would be better (spec vs. implementation).

Contributor

josephlr commented Jan 6, 2017

It looks like they are correct. Compare the comment here: https://github.com/P-H-C/phc-winner-argon2/blob/master/src/core.c#L187-L189 to the spec on Page 7. There's a difference here.

My guess would be that the second part of the Mapping J1, J2 to the reference block index spec section (where we only use the 3 previous segments) got mixed up with the first part. It doesn't seem that bad because it only reduces the size of the reference area by about 7/8 on average, but the choice is still interesting. I can't speak to which would be better (spec vs. implementation).

@khovratovich

This comment has been minimized.

Show comment
Hide comment
@khovratovich

khovratovich Jan 6, 2017

Member

Great catch! Indeed it is an implementation bug, dating back to the very first implementation at Jan 2015.

But since it is non-critical, we'll probably fix it only in the new version of Argon2, whenever it appears. The spec will be fixed soon.

Member

khovratovich commented Jan 6, 2017

Great catch! Indeed it is an implementation bug, dating back to the very first implementation at Jan 2015.

But since it is non-critical, we'll probably fix it only in the new version of Argon2, whenever it appears. The spec will be fixed soon.

@technion

This comment has been minimized.

Show comment
Hide comment
@technion

technion Jan 6, 2017

Contributor

we'll probably fix it only in the new version of Argon2, whenever it appears

As long as it doesn't affect security, I'd highly suggest trying focus on stability.

Contributor

technion commented Jan 6, 2017

we'll probably fix it only in the new version of Argon2, whenever it appears

As long as it doesn't affect security, I'd highly suggest trying focus on stability.

@LoupVaillant

This comment has been minimized.

Show comment
Hide comment
@LoupVaillant

LoupVaillant Jul 27, 2017

Just here to say I was the one who reported the bug on Reddit (I finally had to get that GitHub account). Thanks for forwarding it here!

LoupVaillant commented Jul 27, 2017

Just here to say I was the one who reported the bug on Reddit (I finally had to get that GitHub account). Thanks for forwarding it here!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment