[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Showing progress during scrypt - how good is this idea?



I want to show a percentage indicator during a lengthy scrypt process. The
simplest idea I can think of is this:

Pick N,r,p such that each crypto_scrypt() call is fast.

Then repeat this same crypto_scrypt() call many times, passing the result
of each crypto_scrypt() to the input (password) of the next
crypto_scrypt(). The salt is kept the same for each call.

The question is: Does this reduce security, as opposed to picking a larger
p? In other words: Is picking p=1000 when calling crypto_scrypt() only
once more secure than calling crypto_scrypt() with p=1 thousand times with
the salt constant?