New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/scrypt: update recommended parameters #22082

Closed
kevinburke opened this Issue Sep 28, 2017 · 6 comments

Comments

Projects
None yet
3 participants
@kevinburke
Contributor

kevinburke commented Sep 28, 2017

The documentation for the Go scrypt library states:

The recommended parameters for interactive logins as of 2009 are N=16384, r=8, p=1. They should be increased as memory latency and CPU parallelism increases. Remember to get a good random salt.

It is now 2017, so it may be good to update the documented parameters as CPU's have gotten more powerful.

https://godoc.org/golang.org/x/crypto/scrypt

@gopherbot gopherbot added this to the Unreleased milestone Sep 28, 2017

@kevinburke

This comment has been minimized.

Show comment
Hide comment
@kevinburke

kevinburke Sep 28, 2017

Contributor

cc @agl, @FiloSottile. I tried searching around the various scrypt websites and RFC's and didn't see any updated values for N, though the RFC mentions r=8 and p=1 are still acceptable.

Contributor

kevinburke commented Sep 28, 2017

cc @agl, @FiloSottile. I tried searching around the various scrypt websites and RFC's and didn't see any updated values for N, though the RFC mentions r=8 and p=1 are still acceptable.

@kevinburke

This comment has been minimized.

Show comment
Hide comment
@kevinburke

kevinburke Sep 28, 2017

Contributor

@agl's pond library uses these values in panda/panda.go:

scrypt.Key(serialised, nil, 1<<17, 16, 4, 32*3)

github.com/codahale/grump defaults to N=20, r=8, p=1. Then again, it also says "You are better off CC'ing a copy of your communications to the FBI than using this."

github.com/odeke-em/drive/src/dcrypto/v1 uses N= 262144, r=8, p=1.

github.com/dchest/scryptutil uses N=1 << 18, r=8, p=1.

Contributor

kevinburke commented Sep 28, 2017

@agl's pond library uses these values in panda/panda.go:

scrypt.Key(serialised, nil, 1<<17, 16, 4, 32*3)

github.com/codahale/grump defaults to N=20, r=8, p=1. Then again, it also says "You are better off CC'ing a copy of your communications to the FBI than using this."

github.com/odeke-em/drive/src/dcrypto/v1 uses N= 262144, r=8, p=1.

github.com/dchest/scryptutil uses N=1 << 18, r=8, p=1.

@agl

This comment has been minimized.

Show comment
Hide comment
@agl

agl Sep 28, 2017

Contributor

Pond is extreme here, but things have changed since 2009. Anyone want to ask Colin Percival?

Contributor

agl commented Sep 28, 2017

Pond is extreme here, but things have changed since 2009. Anyone want to ask Colin Percival?

@kevinburke

This comment has been minimized.

Show comment
Hide comment
@kevinburke

kevinburke Sep 28, 2017

Contributor

Sure, I'll send him an email.

Contributor

kevinburke commented Sep 28, 2017

Sure, I'll send him an email.

@kevinburke

This comment has been minimized.

Show comment
Hide comment
@kevinburke

kevinburke Sep 28, 2017

Contributor

Hi Kevin,
The RFC is correct. For an updated value of N, check what you can run within
100 ms; I suspect that 32768 will be the right value now. CPUs speeds haven't
increased very much in the past decade...

Contributor

kevinburke commented Sep 28, 2017

Hi Kevin,
The RFC is correct. For an updated value of N, check what you can run within
100 ms; I suspect that 32768 will be the right value now. CPUs speeds haven't
increased very much in the past decade...

@gopherbot

This comment has been minimized.

Show comment
Hide comment
@gopherbot

gopherbot Sep 29, 2017

Change https://golang.org/cl/67070 mentions this issue: scrypt: Update recommended parameters for 2017

gopherbot commented Sep 29, 2017

Change https://golang.org/cl/67070 mentions this issue: scrypt: Update recommended parameters for 2017

@ghost ghost referenced this issue Oct 5, 2017

Closed

scrypt hashing #58

nono added a commit to nono/cozy-stack that referenced this issue Jan 2, 2018

nono added a commit to nono/cozy-stack that referenced this issue Jan 2, 2018

@golang golang locked and limited conversation to collaborators Sep 30, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.