[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

scrypt encryption utility - choice of IV/nonce (and command line interface)

Hi everyone!

Just looking through the source of the scrypt utility.

I'd like to understand why a constant (0) was chosen for the nonce for AES CTR mode. I understand that since the key we're using has an extremely low chance of ever being used twice (due to pre-salting), and that the output of AES CTR is key-dependant, it would not really be a problem.

Would there be any harm in using say, the first 8 bytes of the header HMAC, or the last 8-bytes of the derived key, instead of a constant?

At best, this would incorporate some of the non-used key material into the output of the AES CTR (strengthening it?).

At worst, it wouldn't make things any better. (Is there a drawback that I'm not seeing, that this would cause?)

You'd need to increment the file version, but otherwise the file format could remain unchanged.

Any interest in a patch for this?

A side note, I'd like to make the utility a little more command-line friendly, especially respect with pipes. Any interest in seeing a patch that has "-" as a valid infile, and perhaps -k keyfile for specifying a file containing the password?

- Derek