[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
scrypt encryption utility - choice of IV/nonce (and command line interface)
Just looking through the source of the scrypt utility.
I'd like to understand why a constant (0) was chosen for the
nonce for AES CTR mode. I understand that since the key we're
using has an extremely low chance of ever being used twice (due
to pre-salting), and that the output of AES CTR is key-dependant,
it would not really be a problem.
Would there be any harm in using say, the first 8 bytes of the
header HMAC, or the last 8-bytes of the derived key, instead of a
At best, this would incorporate some of the non-used key material
into the output of the AES CTR (strengthening it?).
At worst, it wouldn't make things any better. (Is there a
drawback that I'm not seeing, that this would cause?)
You'd need to increment the file version, but otherwise the file
format could remain unchanged.
Any interest in a patch for this?
A side note, I'd like to make the utility a little more
command-line friendly, especially respect with pipes. Any
interest in seeing a patch that has "-" as a valid infile, and
perhaps -k keyfile for specifying a file containing the password?