ProxyCrypt is now compiled with MinGW 5.3.0 (instead of 4.7.4). Performances are globally slightly better (with a few slowdowns though), depending on the version (32 or 64-bit), the algorithm and the hardware.
Thanks to this new compiler, security is also improved on the 64-bit version with a better use of ASLR (--high-entropy-va).
This release might be one of the last 1.x versions. I am planning to create a 2.x version which will break the compatibility with the volumes created with the 1.x version.
The reason is that I think to replace scrypt by another key derivation function, Argon2
. Argon2 is the winner of the Password Hashing Competition
and seems to be currently the best possible choice for a key derivation function.
Of course, in this case, the last 1.x version will remain permanently available for download. It will simply be no longer supported.
Scrypt is still very secure, especially in the way it is used in ProxyCrypt, but its efficiency can be reduced in some ways
, and it is not protected against timing attacks (but such attacks are very unlikely
One of the guidelines of ProxyCrypt is the smallest possible size of executable. If I choose to keep a legacy algorithm, the executable will be much bigger and this policy will be broken.
Of course, I also could simply keep a "good enough" algorithm (scrypt), but I want the best possible algorithms.
I can also use this opportunity for doing something about the time required for hashing the password, which can currently be rather long on some machines.
The only remaining point is the choice of the hash algorithm. Argon2 is provided with Blake2, which is an improved version of Blake, which was one of the finalists of the NIST hash function competition
. But according to the paper
, Argon2 can be used with other hash functions.
If I had to choose one, I would keep Whirlpool, because unlike Blake, it is not related to the NIST. However, Blake2 is a modified version of Blake, and therefore no longer related to the NIST. So, even in a political point of view, using SHA3 would be valid.