Since we’re on this topic, I have a question/suggestion:

> The parameter N must be a power of 2 greater than 1.

It seems to me that it would be better to specify that the input parameter n should simply be a positive integer and have the computation of N=2^n be part of the scrypt algorithm. Is there a reason you didn’t do it that way?

rg

On Nov 15, 2013, at 3:03 PM, Colin Percival <[email protected]> wrote:

> On 11/15/13 08:09, Laurens Van Houtven wrote:
>> I'm e-mailing this on behalf of PyCA. We're a group of Python hackers trying to
>> improve the state of cryptographic libraries in Python, and trying to provide
>> APIs that people can't get wrong. (The current state is that some of the
>> libraries aren't great, and the APIs are way too low level.)
>>
>> I was wondering if the canonical way to use scrypt as a KDF, particularly for
>> purposes of password storage) is documented anywhere. The big implementation
>> right now for Python suggests writing one using enc/dec functions (so the file
>> encryption thing that is included in the tarball as a demo), but that seems kind
>> of orthogonal to the actual key derivation part :)
>
> You want to call crypto_scrypt. The rest of the code might be useful for
> figuring out what parameters to provide (for N in particular), but you might
> get away with just picking reasonable fixed values and planning on bumping
> them every few years.
>
> /**
>  * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen):
>  * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
>  * p, buflen) and write the result into buf. The parameters r, p, and buflen
>  * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N
>  * must be a power of 2 greater than 1.
>  *
>  * Return 0 on success; or -1 on error.
>  */
> int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t,
>     uint32_t, uint32_t, uint8_t *, size_t);
>
> --
> Colin Percival
> Security Officer Emeritus, FreeBSD | The power to serve
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
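The parameter limits in the quoted crypto_scrypt comment, combined with the exponent-style input suggested in the reply, as an added example that is not part of the original thread or of the scrypt source. The function names are hypothetical, the sample values (14, 8, 1, 64) are constructed, and rejecting a zero r or p is an assumption beyond what the comment states.

```c
#include <stddef.h>
#include <stdint.h>

/* The constraint from the quoted comment: N is a power of 2 greater than 1. */
int
scrypt_N_is_valid(uint64_t N)
{
	/* A power of 2 has exactly one bit set, so N & (N - 1) clears it. */
	return (N >= 2 && (N & (N - 1)) == 0);
}

/*
 * Hypothetical wrapper-side check: accept the cost as an exponent, derive
 * N = 2^log2_N, and enforce the limits from the crypto_scrypt comment before
 * the values are passed on.  Returns 0 and stores N on success, -1 on error.
 */
int
scrypt_params_from_log2(unsigned int log2_N, uint32_t r, uint32_t p,
    size_t buflen, uint64_t *N)
{
	/* N must be > 1 and fit in a uint64_t, so 1 <= log2_N <= 63. */
	if (log2_N < 1 || log2_N > 63)
		return (-1);
	/* Assumption: zero r or p is rejected; the comment only bounds r * p. */
	if (r == 0 || p == 0)
		return (-1);
	/* r * p < 2^30, multiplied in 64 bits so the product cannot wrap. */
	if ((uint64_t)r * (uint64_t)p >= ((uint64_t)1 << 30))
		return (-1);
	/* buflen <= (2^32 - 1) * 32. */
	if ((uint64_t)buflen > (uint64_t)UINT32_MAX * 32)
		return (-1);
	*N = (uint64_t)1 << log2_N;
	return (0);
}

int
main(void)
{
	uint64_t N;

	/* Constructed sample parameters; exit status 0 means they passed. */
	if (scrypt_params_from_log2(14, 8, 1, 64, &N) != 0)
		return (1);
	return (scrypt_N_is_valid(N) ? 0 : 1);
}
```

With an exponent as input, a caller cannot supply an N that is not a power of 2; only the range check remains.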
