libgcrypt's scrypt algorithm has N and p values wrongly set

Laxmi Narsaiah Bandla laxminarsaiah.bandla at gmail.com
Mon Jan 22 07:26:11 CET 2018 

Any comments on this please?

Thanks
Laxmi Narsaiah

On 14 January 2018 at 01:34, Laxmi Narsaiah Bandla <
laxminarsaiah.bandla at gmail.com> wrote:

>
> Hi All,
>
> In the API gcry_kdf_scrypt implementation i see the below code.
>
> 240 gcry_err_code_t
> 241 _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
> 242                   int algo, int subalgo,
> 243                   const unsigned char *salt, size_t saltlen,
> 244                   unsigned long iterations,
> 245                   size_t dkLen, unsigned char *DK)
> 246 {
> 247   u64 N = subalgo;    /* CPU/memory cost parameter.  */
> 248   u32 r;              /* Block size.  */
> 249   u32 p = iterations; /* Parallelization parameter.  */ <<<<<<<<<<<
> 250
> 251   gpg_err_code_t ec;
> 252   u32 i;
> 253   unsigned char *B = NULL;
> 254   unsigned char *tmp1 = NULL;
> 255   unsigned char *tmp2 = NULL;
> 256   size_t r128;
> 257   size_t nbytes;
>
> Here iterations should have been assigned to N (CPU/memory cost supposed
> to be higher) but it is assigned to p (parallelization). The same wrapper
> api gcry_kdf_derive() api's iteration argument has been correcly used in
> _gcry_kdf_pkdf2().
>
> when i set iterations to 20,000 (for PBKDF2) and 16384 (for scrypt) in
> gcry_kdf_derive(), on my machine PBKDF2 took less than a second to generate
> the key/hash where as scrypt took almost 35 minutes.
>
> when i set iterations = 1 (subalgo) and subalgo = 16384, it took less than
> a second to generate the key.
>
> Suggested fix:
>
> 1. Either we should document the arguments properly.
>
> OR
>
> 2.
>
>  u64 N = iterations;    /* CPU/memory cost parameter.  */
>  u32 r;              /* Block size.  */
>  u32 p = subalgo; /* Parallelization parameter.  */ <<<<<<<<<<<
>
> Please let me know.
>
> Thanks
>
> P.S : I have raised a task on gnupg : https://dev.gnupg.org/T3737
>



-- 
regards
RAJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20180122/f6ca8484/attachment.html>

More information about the Gcrypt-devel mailing list