New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Select scrypt parameter based on computing power and memory #17
Comments
Maybe implement an aproach similar to the ruby scrypt gem https://github.com/pbhogan/scrypt or termchalk https://github.com/pquerna/termchalk |
could use https://github.com/steakknife/scrypt |
I'd like to not have any C components, if possible. Maybe we can have a look at how the calibration is done, and implement that part ourselves. FYI: I've also implemented the chunking algorithm in C (see https://github.com/fd0/rabin-cdc), so if performance is limited by the chunker in the future, we'll be able to switch to this implementation. |
I think compression and encryption has more overhead than chunking. But little can be done without allocating all buffers with malloc. |
Maybe we can collaborate with @elithrar, he also needs this function for the |
There's currently an ongoing standardization project with the intended goal of selecting the "next generation" It should be finished soon (2015 Q2 is now, right?) https://password-hashing.net/index.html https://en.wikipedia.org/wiki/Password_Hashing_Competition Might be worth looking into / waiting for - it seems that
(see also dsheets/ocaml-sodium#16 ) |
Keep in mind that you may not want to jump on the latest algorithm Anyway, as for scrypt auto-tuning: doing it cross-platform is tricky. The
|
We'll stick with |
I have time-limited scrypt hardness autotuner: https://github.com/tgulacsi/go/blob/master/crypthlp/scrypthlp.go It starts with 14, and increments till the twice of the current run won't finish in the time limit. Not perfect (first I calculated the optimum based on the time of 14 and that each increment doubles the time, but swapping strikes earlier...), but better than a hard-coded parameter. |
Oh, thanks for the hint! You've licensed the code as Apache 2.0, do you know whether that's compatible with the BSD license from restic? |
Ah, wrong button. :/ |
As I'm the author, I can (and will) relicense that part with the same license as restic is under, for restic. That's not too much code, just copy the relevant parts and mention the source and me. |
Great, I'll have a look! |
Users with strong computing power will automatically get higher key derivation standards.
The text was updated successfully, but these errors were encountered: