[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Showing progress during scrypt - how good is this idea?
- To: firstname.lastname@example.org
- Subject: Re: Showing progress during scrypt - how good is this idea?
- From: Dmitry Chestnykh <email@example.com>
- Date: Tue, 30 Dec 2014 18:25:07 +0100
- Cc: firstname.lastname@example.org
- In-reply-to: <email@example.com>
- References: <firstname.lastname@example.org>
> On 30 Dec 2014, at 17:43, email@example.com wrote:
> I want to show a percentage indicator during a lengthy scrypt process. The
> simplest idea I can think of is this:
> Pick N,r,p such that each crypto_scrypt() call is fast.
> Then repeat this same crypto_scrypt() call many times, passing the result
> of each crypto_scrypt() to the input (password) of the next
> crypto_scrypt(). The salt is kept the same for each call.
> The question is: Does this reduce security, as opposed to picking a larger
> p? In other words: Is picking p=1000 when calling crypto_scrypt() only
> once more secure than calling crypto_scrypt() with p=1 thousand times with
> the salt constant?
The major point of scrypt is sequential memory hardness, splitting it into many smaller, faster scryptinhos or picking too large ‘p’ will weaken this point.
(p is a parallelization parameter, you probably don’t want to make it too large today).
To give progress indication, you can split smix function into chunks, like I did in scrypt-async-js: