LUKS 2 encryption uses Argon2i as the default PBKDF. As the key is used on each access, I guess side-channel attacks are a significant threat factor. However, as I'm not a cryptographer, I am not qualified to say, but I'm still interested in whether this choice has its grounds.

Specifically, I am not interested in whether Argon2i provides less protection against TMTO, but whether Argon2id provides less protection against side-channel attacks. Also, it is interesting whether using Argon2id is practically safe enough for situations in which side-channel attacks are the main threat factor.

  • @kelalaka IMO the answer you mentioned doesn't entirely answer the question whether Argon2id lowers protection against side-channel attacks. From that answer you can see that it does offer some protection against side-channel attacks, but not whether that protection is theoretically and/or practically worse than Argon2i. Again, I am not a cryptologist. – Lyubomir Apr 29 '21 at 17:28
  • I think it does. $D$ for data dependent, $I$ for data independent, and $id$ uses both approaches. So in side-channel security $argon2d< argon2id<argon2i$ – kelalaka Apr 29 '21 at 17:31
  • Read the dupe answer again, and carefully please! – kelalaka Apr 29 '21 at 20:24
  • I guess the key point here is "In other words, a side-channel attack against Argon2id reduces its security to one-pass Argon2i.". So Argon2id doesn't seem completely safe against side-channel attacks. – Lyubomir Apr 29 '21 at 20:42
  • Yes, that's it! – kelalaka Apr 29 '21 at 20:42
  • Though it's interesting to me why HERE they say "....or you consider side-channel attacks as viable threat, choose Argon2id". Seems like authors believe Argon2id is preferred to Argon2i or at least practically secure enough, even with the reduced side-channel protection. – Lyubomir Apr 29 '21 at 20:52
  • That is the first paragraph of the answer in rephrasing. – kelalaka Apr 29 '21 at 20:53
