feat(general): Add alternate key derivation algorithms

[bathina2]

This PR adds the ability to select a different key derivation algorithm instead of scrypt. We add the pbkdf2 algorithm as an example. However, the default is still scrypt and we are not yet using the pbkdf2 algorithm to generate keys yet.

[jkowalski]

this is interesting, I'm curious if there's any particular reason for this? is it to support memory-constrained environments? compliance?

[bathina2]

@jkowalski FIPS compliance. Besides the key derivation, Kopia can mostly be run in a FIPS compliant manner (supports selecting encryption and hashing etc).

[bathina2]

I mean to follow up this PR with changes that let you select the key derivation algorithm.

[bathina2]

@jkowalski I've simplified the PR a bit. What do you think of this approach? Are there any other changes you would like to see?

[Shrekster]

A good rule of thumb is to use a salt that is the same size as the output of the hash function. For example, the output of SHA256 is 256 bits (32 bytes), so the salt should be at least 32 random bytes.

REF: https://crackstation.net/hashing-security.htm

Should not this be 32 instead for both scrypt and pbkdf2 ?

[bathina2]

I believe throughout the code we pass in a 32 byte salt so I can change this to make that the minimum. I picked 16 because it was the minimum recommended for NIST. I will update the comments with this information.

[Shrekster]

Also, changing the salt size will break existing users, so it is required to be consistent with the existing code unless we have a key migration path forward.

[codecov]

Codecov Report

Attention: Patch coverage is 86.95652% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 77.10%. Comparing base (cb455c6) to head (abd8f21).
Report is 55 commits behind head on master.

Files	Patch %	Lines
cli/command_user_add_set.go	0.00%	1 Missing and 1 partial ⚠️
internal/user/user_profile_hash_v1.go	92.30%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3670      +/-   ##
==========================================
+ Coverage   75.86%   77.10%   +1.23%     
==========================================
  Files         470      476       +6     
  Lines       37301    28784    -8517     
==========================================
- Hits        28299    22193    -6106     
+ Misses       7071     4669    -2402     
+ Partials     1931     1922       -9     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Shrekster]

LGTM, we can merge once the linters pass.

[Shrekster]

Looks like GitHub is misbehaving on this PR. @bathina2 and I attempted to push commits to this branch which are not showing up here. No further changes are visible, so we'll be reopening this PR.

[Shrekster]

@jkowalski note that we had to duplicate the MasterKeyLength constant in each file with a !testing build flag. If you have a better approach let us know and we'll update it. Taking this in for now.

[julio-lopez]

Superseded by:

• feat(general): add alternate key derivation algorithms #3725
• feat(general): User_profile_add_set cli changes #3770
• feat(cli): allow setting key derivation algorithm for format blob #3779
• feat(general): key derivation algorithm for cache encryption #3799
• feat(general): User profile hashing version to algorithm translation #3816