Merlin wrote: compul wrote: Mac wrote: @Resonance, @Merlin, @compul
One of the difficulties with trying to support multiple password hashing functions (and these need modernising, as a direct result of the audit), even if only during a transition period, is that space for the boot loader code is limited. It simply may not be possible to make it fit and support both methods, in which case setup may have to perform checks and force a decrypt before any upgrade. I suspect backwards support can be managed if the hashing iteration is simply increased; trying two iteration counts is a trivial amount of extra code. Changing the function to some other memory-hard function is desirable, but is where I'd expect the developers to simply be forced to introduce breakage, purely because they can't get a quart into a pint pot.
Would moving from BIOS to UEFI solve this problem? If not, I've been looking for a reason to push my tiny SkinnyCat memory-hard password hashing scheme. It's quite a bit simpler than Scrypt, but unfortunately, it has no real-world testing or cryptanalysis. So... maybe not.