Re: crypt(3) interface to scrypt
- To: scrypt@tarsnap.com
- Subject: Re: crypt(3) interface to scrypt
- From: Robert Ransom <rransom.8774@gmail.com>
- Date: Thu, 8 Apr 2010 09:13:48 -0700
- In-reply-to: <20100408134443.GA13080@openwall.com>
- Mailing-list: contact scrypt-help@tarsnap.com; run by ezmlm
- References: <20100408134443.GA13080@openwall.com>

On Thu, 8 Apr 2010 17:44:43 +0400
Solar Designer <solar@openwall.com> wrote:

> As far as I understand, scrypt-1.1.6 is a file encryption program only,
> however one of the primary uses for the scrypt key derivation function
> is to hash operating system and website users' passwords.

No -- the scrypt function is intended to derive an encryption key from
a password. The derived key, or a hash of it, can be used as an OS
password hash, but I wouldn't go through the pain of setting up PAM to
use scrypt unless I could store the key in memory for later use.
(Dr. Percival might use scrypt for password hashing alone, though.)

scrypt is a bad idea for website passwords -- tying up a web server's
CPU for 0.5 seconds just to check a password is silly, and it is
unlikely to add any security. (After all, the user just typed the
password into a browser...) A web browser could use scrypt to protect
an SSL secret key, but that is entirely a client-side decision.

> Does a crypt(3) interface to scrypt exist? Do you have a proposed
> encoding to use for the "setting" string (consisting of a hash type
> identifier, a salt, and parameters)?

There is no crypt(3)-like interface in the scrypt tarball, and none of
the (five) messages on this list before yours mention one.

Robert Ransom
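
The arrangement described in the message above (derive a key from the password with scrypt, store only a hash of that key for the login check, and keep the key itself in memory for later use), as an added example that is not part of the original post or of the scrypt tarball. It uses Python's `hashlib.scrypt`; the cost parameters, the record layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost parameters (illustrative only); tune N, r, p for the target host.
N, R, P = 2**14, 8, 1
KEY_LEN = 32                      # 256-bit derived key
MAXMEM = 64 * 1024 * 1024         # memory ceiling handed to OpenSSL's scrypt


def derive_key(password: bytes, salt: bytes, n: int = N, r: int = R, p: int = P) -> bytes:
    """Run scrypt to turn a password into an encryption key."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          dklen=KEY_LEN, maxmem=MAXMEM)


def enroll(password: bytes) -> dict:
    """Build the record to store: salt, parameters and a hash of the key.

    Only SHA-256(key) is stored, so reading the record does not reveal
    the key that protects the user's data.
    """
    salt = os.urandom(16)
    key = derive_key(password, salt)
    return {"salt": salt, "n": N, "r": R, "p": P,
            "verifier": hashlib.sha256(key).digest()}


def login(password: bytes, record: dict):
    """Return the derived key on success (kept in memory for later use),
    or None when the password does not match the stored verifier."""
    key = derive_key(password, record["salt"],
                     record["n"], record["r"], record["p"])
    candidate = hashlib.sha256(key).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(candidate, record["verifier"]):
        return key
    return None


if __name__ == "__main__":
    rec = enroll(b"correct horse battery staple")   # constructed sample password
    print("good password ->", login(b"correct horse battery staple", rec) is not None)
    print("bad password  ->", login(b"wrong guess", rec) is not None)
```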