
isolating the KDF part



Hello everyone,
I read the paper about the scrypt KDF, and it seems to be very strong.
I am one of the devs of tomb[1], a cryptographic tool. I am trying to
use scrypt as a KDF for tomb encryption.

What I did was add a new command line program called "stretcher" that
will do _just_ this job; it's meant to be used by batch programs, so it
has a bare (but easily parseable) interface.

I put my code on [2], you can see the diffs on [3].

To make it easier to use for scripts, it is meant to work like this:
when you want to encrypt, you'll:
* call stretcher with no arguments, receiving valid parameters and a
salt
* call stretcher with the arguments you just received and the password,
receiving the derived key
* call your favourite encryption software using your derived key as the
password; be sure to save the parameters and the salt somewhere!

when you want to decrypt, you'll:
* read the parameters and the salt from somewhere
* call stretcher with those parameters and the password, receiving the
derived key
* call the appropriate decryption software using the derived key as the
password.

Both the hash and the derived key are handled using base64 encoding: this
will make it easier to save them anywhere, to pass them as arguments, or
whatever.
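The two-call workflow described above, written out as an added Python example (not code from stretcher or the scrypt tree): it assumes a made-up one-line parameter format "N r p salt_b64" and uses `hashlib.scrypt` in place of the scrypt binary.

```python
import base64
import hashlib
import os

# Assumed parameter line format (constructed for this example, not the
# tool's real interface): "N r p salt_b64", all on one line.
DEFAULT_N, DEFAULT_R, DEFAULT_P = 2 ** 14, 8, 1


def format_params(n, r, p, salt):
    """Serialise scrypt parameters plus salt as one base64-friendly line."""
    return f"{n} {r} {p} {base64.b64encode(salt).decode('ascii')}"


def new_params(n=DEFAULT_N, r=DEFAULT_R, p=DEFAULT_P, salt_len=32):
    """Encrypt side, first call: pick parameters and a fresh random salt."""
    return format_params(n, r, p, os.urandom(salt_len))


def parse_params(line):
    """Validate a saved parameter line before feeding it to scrypt."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError("expected 'N r p salt_b64'")
    n, r, p = (int(x) for x in fields[:3])
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two greater than 1")
    if r < 1 or p < 1:
        raise ValueError("r and p must be positive")
    return n, r, p, base64.b64decode(fields[3], validate=True)


def derive_key_bytes(line, password, dklen=32):
    """Second call: derive dklen bytes from the saved parameters + password."""
    n, r, p, salt = parse_params(line)
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, dklen=dklen)


def derive_key(line, password, dklen=32):
    """Same key, base64-encoded so it can be handed on as a 'password'."""
    return base64.b64encode(derive_key_bytes(line, password, dklen)).decode("ascii")


if __name__ == "__main__":
    params = new_params()  # save this line next to the ciphertext
    key = derive_key(params, "correct horse battery staple")
    print(params)
    print(key)
    # decrypt side: same saved params + same password -> same key
    assert derive_key(params, "correct horse battery staple") == key
```

The first assertion in the accompanying check uses the RFC 7914 test vector (password "password", salt "NaCl", N=1024, r=8, p=16), so a wrong parameter order is caught immediately.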

Of course, it is not perfectly polished (there is still no way to
specify maxmem, maxmemfrac and maxtime, for example), but it seems
good enough to me.
What about merging it into the mainline code? Do you see any clear bug? Do
you have any suggestions?

[1] http://tomb.dyne.org/
[2] https://github.com/boyska/scrypt/tree/onlystretch
[3] https://github.com/boyska/scrypt/compare/master...onlystretch

-- 
boyska
GPG: 785DE285