Zcash Community:
Exciting news! After merging https://github.com/multifactor/MFKDF2.rs/pull/43 in the next few days, we will have completed Milestone 2 of our community grant for MFKDF2.
Over the past weeks, we have finished the following:
- All proposed security improvements based on the findings for the original MFKDF
- Passkey as a factor (with biometrics attainable via device-native instructions)
- Threshold factor hints and upgradable KDF parameters over time
- MFCHF and MFDPG modes of operation via the getSubkey() and derivePassword() methods
- Verification between reference JS implementation and Rust implementation via comprehensive differential testing suite
In anticipation of the final Rust PR being merged within the next few days, we have already kicked off Phase 3 of the grant, which consists of red-team analysis of the MFKDF2 library, in collaboration with a team based in ETH Zurich.