x/crypto/scrypt: update recommended parameters #22082

Closed
kevinburke opened this issue Sep 28, 2017 · 6 comments
@kevinburke
Contributor

The documentation for the Go scrypt library states:

The recommended parameters for interactive logins as of 2009 are N=16384, r=8, p=1. They should be increased as memory latency and CPU parallelism increases. Remember to get a good random salt.

It is now 2017, so it may be good to update the documented parameters as CPUs have gotten more powerful.

https://godoc.org/golang.org/x/crypto/scrypt

@gopherbot gopherbot added this to the Unreleased milestone Sep 28, 2017
@kevinburke
Contributor Author

cc @agl, @FiloSottile. I tried searching around the various scrypt websites and RFCs and didn't see any updated values for N, though the RFC mentions r=8 and p=1 are still acceptable.

@kevinburke
Contributor Author

kevinburke commented Sep 28, 2017

@agl's pond library uses these values in panda/panda.go:

scrypt.Key(serialised, nil, 1<<17, 16, 4, 32*3)

github.com/codahale/grump defaults to N=20, r=8, p=1. Then again, it also says "You are better off CC'ing a copy of your communications to the FBI than using this."

github.com/odeke-em/drive/src/dcrypto/v1 uses N=262144, r=8, p=1.

github.com/dchest/scryptutil uses N=1 << 18, r=8, p=1.

@agl
Contributor

agl commented Sep 28, 2017

Pond is extreme here, but things have changed since 2009. Anyone want to ask Colin Percival?

@kevinburke
Contributor Author

Sure, I'll send him an email.

@kevinburke
Contributor Author

Hi Kevin,
The RFC is correct. For an updated value of N, check what you can run within
100 ms; I suspect that 32768 will be the right value now. CPU speeds haven't
increased very much in the past decade...
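
Added example (not part of the thread and not code from the Go project): the "what you can run within 100 ms" calibration from the quoted e-mail, written against Python's standard-library `hashlib.scrypt` so it runs without extra modules; N, r and p mean the same as the N, r, p arguments of `scrypt.Key`. The 2^14 to 2^17 search range, the best-of-three timing and the function names are assumptions of this example.

```python
import hashlib
import os
import time

R, P = 8, 1          # values the thread says are still acceptable
BUDGET_S = 0.100     # 100 ms target from the quoted e-mail


def scrypt_mem_bytes(n, r=R):
    """Size of scrypt's main working array V: 128 * N * r bytes."""
    return 128 * n * r


def derive(password, salt, n, r=R, p=P, dklen=32):
    # OpenSSL's default memory cap is 32 MiB, which N=32768, r=8 slightly
    # exceeds once overhead is counted, so pass an explicit cap with headroom.
    maxmem = scrypt_mem_bytes(n, r) + 128 * r * p + (1 << 20)
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=dklen)


def time_derive(n, runs=3):
    """Best-of-`runs` wall time in seconds for one derivation at cost n."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        derive(b"constructed sample password", salt, n)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate(budget_s=BUDGET_S, min_log2=14, max_log2=17):
    """Largest power-of-two N in [2^min_log2, 2^max_log2] within budget."""
    chosen = 1 << min_log2           # floor: the 2009 value N=16384
    for log2n in range(min_log2 + 1, max_log2 + 1):
        if time_derive(1 << log2n) > budget_s:
            break                    # doubling N roughly doubles the time
        chosen = 1 << log2n
    return chosen


if __name__ == "__main__":
    n = calibrate()
    print(f"N={n} r={R} p={P} mem={scrypt_mem_bytes(n) >> 20} MiB "
          f"time={time_derive(n) * 1000:.0f} ms")
```

Run it on the hardware that will serve logins; the memory figure (128·N·r bytes per concurrent derivation) matters as much as the time when sizing a server.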

@gopherbot

Change https://golang.org/cl/67070 mentions this issue: scrypt: Update recommended parameters for 2017

@ghost ghost mentioned this issue Oct 5, 2017
nono added a commit to nono/cozy-stack that referenced this issue Jan 2, 2018
@golang golang locked and limited conversation to collaborators Sep 30, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
Previously we documented recommended parameters for scrypt from 2009,
which was eight years ago. Update those parameters and also provide
some guidance to users for configuring those settings in 2017. On my
late 2015 Macbook Pro, the scrypt benchmark with N=1<<15, r=8, p=1
completes in 91 milliseconds.

Add an Example with a salt.

Fixes golang/go#22082.

Change-Id: I23e3920db67583c9fce093768a32e67ab9c979f5
Reviewed-on: https://go-review.googlesource.com/67070
Reviewed-by: Adam Langley <agl@golang.org>