libgcrypt's scrypt algorithm has N and p values wrongly set
Laxmi Narsaiah Bandla
laxminarsaiah.bandla at gmail.com
Sat Jan 13 21:04:46 CET 2018
In the API gcry_kdf_scrypt implementation i see the below code.
241 _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
242 int algo, int subalgo,
243 const unsigned char *salt, size_t saltlen,
244 unsigned long iterations,
245 size_t dkLen, unsigned char *DK)
247 u64 N = subalgo; /* CPU/memory cost parameter. */
248 u32 r; /* Block size. */
249 u32 p = iterations; /* Parallelization parameter. */ <<<<<<<<<<<
251 gpg_err_code_t ec;
252 u32 i;
253 unsigned char *B = NULL;
254 unsigned char *tmp1 = NULL;
255 unsigned char *tmp2 = NULL;
256 size_t r128;
257 size_t nbytes;
Here iterations should have been assigned to N (CPU/memory cost supposed to
be higher) but it is assigned to p (parallelization). The same wrapper api
gcry_kdf_derive() api's iteration argument has been correcly used in
when i set iterations to 20,000 (for PBKDF2) and 16384 (for scrypt) in
gcry_kdf_derive(), on my machine PBKDF2 took less than a second to generate
the key/hash where as scrypt took almost 35 minutes.
when i set iterations = 1 (subalgo) and subalgo = 16384, it took less than
a second to generate the key.
1. Either we should document the arguments properly.
u64 N = iterations; /* CPU/memory cost parameter. */
u32 r; /* Block size. */
u32 p = subalgo; /* Parallelization parameter. */ <<<<<<<<<<<
Please let me know.
P.S : I have raised a task on gnupg : https://dev.gnupg.org/T3737
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gcrypt-devel