Request for feedback: how slow is your slowest MAAS cloud?
Mike Pontillo
mike.pontillo at canonical.com
Fri Jun 2 16:12:40 UTC 2017
On Thu, Jun 1, 2017 at 7:59 PM, Seth Arnold <seth.arnold at canonical.com>
wrote:
> PBKDF2 is also fairly old; I believe most cryptographers would prefer
> argon2, scrypt, or bcrypt to PBKDF2, with a grudging acceptance that if
> you have to sell into the FIPS marketplace you may not have a choice.
> Do we have a choice?
>
It's true that my selection of PBKDF2 was influenced by my previous work on
FIPS-enabled crypto projects.
I think in this case it's valuable to have FIPS compliance in our back
pocket. In truth, the entire security model here needs to be improved in
the long-term. I feel that this is really a stopgap until we get to a full
PKI solution for MAAS. This particular key derivation scheme doesn't really
add a huge amount of security; if an attacker discovers the MAAS shared
secret, it's already "game over", so to speak.
So I don't particularly mind what the key derivation algorithm is, because
it's not even password-based at all, which makes it inherently stronger.
The MAAS shared secret is 16 random bytes, so brute force attacks are
already impractical. This scheme is just for "defense in depth".
Regards,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/maas-devel/attachments/20170602/fa9a8560/attachment.html>
More information about the Maas-devel
mailing list