jproulx / crypto-js

Automatically exported from code.google.com/p/crypto-js
0 stars 0 forks source link

Add scrypt to the options #56

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Can you add scrypt to the options? scrypt is a key derivation function, which 
is designed to be far more secure against hardware brute-force attacks than 
PBKDF2 or bcrypt.

This will be a very good addition for password hashing, because of GPU 
brute-force techniques, the default hashes aren't that secure anymore.

For details, you can look at: http://www.tarsnap.com/scrypt.html
and: http://en.wikipedia.org/wiki/Scrypt

Maybe you'll find this interesting: 
http://www.codinghorror.com/blog/2012/04/speed-hashing.html

Original issue reported on code.google.com by michiele...@gmail.com on 20 Nov 2012 at 1:18

GoogleCodeExporter commented 9 years ago

Original comment by Jeff.Mott.OR on 20 Nov 2012 at 5:12

GoogleCodeExporter commented 9 years ago
Scrypt would be very interesting...

Original comment by xanato...@gmail.com on 16 May 2013 at 12:52

GoogleCodeExporter commented 9 years ago
Here's an scrypt implementation against the 3.x branch, r666. It uses the 
asm.js style and typed arrays in order to be fast enough to make it practical 
to use parameter values that can defend against hardware brute-force attacks.

Original comment by jyass...@gmail.com on 31 Mar 2014 at 2:18

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks Jeffrey for your scrypt implementation. I was interested as a 
replacement for js-scrypt (https://github.com/tonyg/js-scrypt) since it doesn't 
work properly in Safari. However, your implementation seems to have the same 
problem (tested on Safari on iPad iOS 7). Did you encounter the same issue?

Original comment by boivin.jerome@gmail.com on 14 Apr 2014 at 7:35

GoogleCodeExporter commented 9 years ago
I haven't tested on iOS at all. The new test passes on MacOS Safari 7.0.3. Do 
you know what error iOS Safari gives?

Original comment by jyass...@gmail.com on 16 Apr 2014 at 5:05

GoogleCodeExporter commented 9 years ago
No error from Safari on iOS, but invalid output. I put a test page on my web 
site for you to reproduce: http://jboivin.free.fr/sbcloud/test.html
I attached result output from Safari for iPad 2 iOS 7.1 (11D167).

Original comment by boivin.jerome@gmail.com on 13 May 2014 at 3:13

Attachments:

GoogleCodeExporter commented 9 years ago
However, it seems that only the first test passes successfully: 
check("", "", 16, 1, 1, 
"77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f
8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906");

Original comment by boivin.jerome@gmail.com on 13 May 2014 at 3:21

GoogleCodeExporter commented 9 years ago
I performed further tests, and it seems to be a regression of Safari on iOS 7. 
SCrypt is working fine (but extremely slowly) on my iPhone 3GS with iOS 6, and 
on iPad with Mercury Browser. However, it is quite unusable with cost parameter 
> 1024, due to Apple javascript engine limitation in 3rd party browsers :-(
Working fine on Android devices I tested on, including Google Nexus 5.

Original comment by boivin.jerome@gmail.com on 16 Jun 2014 at 1:44

GoogleCodeExporter commented 9 years ago
Here is a small fix for Math.imul not implemented on IE 11.

Original comment by boivin.jerome@gmail.com on 16 Jun 2014 at 1:48

Attachments: