Re: Mistake in FORMAT; question about N.
- To: Dmitry Chestnykh <dmitry@codingrobots.com>
- Subject: Re: Mistake in FORMAT; question about N.
- From: Colin Percival <cperciva@tarsnap.com>
- Date: Sat, 28 Apr 2012 13:08:24 -0700
- Cc: scrypt@tarsnap.com
- In-reply-to: <alpine.DEB.2.02.1204271542230.2052@dchest-kubuntu>
- References: <alpine.DEB.2.02.1204271542230.2052@dchest-kubuntu>
On 04/27/12 06:44, Dmitry Chestnykh wrote:
> 1.
>
> I believe there's a mistake in FORMAT file. It says that the last HMAC is for
> data only, while in reality it includes the header as well:
>
> 96+X 32 HMAC-SHA256(bytes 96 .. 96 + (X - 1))
>
> must be
>
> 96+X 32 HMAC-SHA256(bytes 0 .. 96 + (X - 1))
Yep.
> 2.
>
> Regarding the N parameter in scrypt KDF.
>
> The comment in crypto_scrypt.h says:
>
> The parameter N must be a power of 2 greater than 1.
>
> The code accepts N == 1:
>
> if (((N & (N - 1)) != 0) || (N == 0)) {
> // .. error ..
> }
>
> 1 & (1-1) == 0, so it passes the check.
>
> My question is, should N be greater than 1 or >= 1?
> (I realize that in practice it should be much larger).
The documentation is right; the code is wrong.
Do you have a Tarsnap account? This is worth a bug bounty. :-)
> 3.
>
> I've implemented scrypt in Go:
>
> KDF -- https://github.com/dchest/scrypt
> file encryption tool -- https://github.com/dchest/scryptutil
Cool!
> PPS Someone just dropped nuclear bombs on my cities. How do I bring people back
> to life?
That's what good backups are for. :-)
--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
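
The check on N from point 2, as an added example that is not part of the original message or of the scrypt source: the test as quoted next to one that matches the documented "power of 2 greater than 1", with a sweep confirming that N == 1 is the only value on which they differ. The function names are hypothetical, and treating N as a uint64_t is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* The test as quoted in the message; returns 1 if N is accepted. */
static int n_ok_as_quoted(uint64_t N)
{
	if (((N & (N - 1)) != 0) || (N == 0))
		return 0;
	return 1;
}

/* Documented contract: N must be a power of 2 greater than 1. */
static int n_ok_documented(uint64_t N)
{
	if (N < 2 || (N & (N - 1)) != 0)
		return 0;
	return 1;
}

/* Returns 1 and records N in *last if the two checks disagree on N. */
static unsigned probe(uint64_t N, uint64_t *last)
{
	if (n_ok_as_quoted(N) == n_ok_documented(N))
		return 0;
	*last = N;
	return 1;
}

/* Compare on 0..limit, then on each larger power of two and its neighbours. */
static unsigned count_disagreements(uint64_t limit, uint64_t *last)
{
	unsigned n = 0, k;
	uint64_t v;
	for (v = 0; v <= limit; v++)
		n += probe(v, last);
	for (k = 0; k < 64; k++) {
		uint64_t p = (uint64_t)1 << k;
		if (p > limit)
			n += probe(p - 1, last) + probe(p, last) + probe(p + 1, last);
	}
	return n;
}

int main(void)
{
	uint64_t last = 0;
	unsigned n = count_disagreements(4096, &last);
	printf("disagreements: %u (last N = %llu)\n", n, (unsigned long long)last);
	return 0;
}
```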