maxtaco
commented
10 years ago Thanks for looking into this. We did a python version of triplesec, and that seemed to be OK with the N/r/p combo. Also, in Colin's library, crypto_scrypt seems to expose the N/r/p interface.
The reason why we decided against the maxmem/maxmemfrac/maxtime option was that you'd need to run scrypt on your phone, your browser, or your web client, and you'd need to get the same answer in all 3.
Finally, I think most litecoin implementations hardcode N=2^10/r=8/p=1, rather than the relative strengths.
adamldoyle
For the POST /login call, the expectation is to run the password through Scrypt using the earlier retrieved salt plus the configuration values of N=2^15, r=8, and p=1. However, many/most Scrypt implementation libraries don't directly expose N/r/p but instead rely on maxmem, maxmemfrac and maxtime. By relying on specific values for the Scrypt generated encoded string that aren't possible to set in libraries, it makes it incredibly difficult to make use of the API.
One potential option would be to set minimum required values (and maybe maximum) for the configuration values, but allow the calling code to use what they want. Additionally, if the expectation was to pass over the entire encrypted string instead of just encrypted[96:128], the server could extract the configuration values used, validate them, and then decode the string appropriately.
Libraries that were looked at that had issues: http://www.tarsnap.com/scrypt.html (Original C source library) https://bitbucket.org/mhallin/py-scrypt/src (Python) https://github.com/pbhogan/scrypt (Ruby)