keybase / triplesec

Triple Security for the browser and Node.js
https://keybase.io/triplesec
MIT License

scrypt integerify implementation selects the wrong word from block #53

Closed ericmj closed 8 years ago

ericmj commented 8 years ago

I think the integerify implementation is incorrect. To quote the specification [1]:

Integerify(B0 ... B2r−1) is defined as the result of B2r−1

Which can also be interpreted as select the last word from a block. The integerify function in triplesec on the other hand selects a word from the middle of the block.

fixup_uint32(X[0x10*(lim-1)]) & (@N - 1)

The 0x10 constant above should be 0x20. I would guess this mistake stems from this code being based on a reference implementation that used 64-bit words and the triplesec implementation using 32-bit words (Int32Array).

[1] http://www.tarsnap.com/scrypt/scrypt.pdf

ericmj commented 8 years ago

My bad, it seems like it does indeed select the correct word. My confusion comes from smix using double sized arrays for some reason.

maxtaco commented 8 years ago

Thanks for checking out the code. I am pretty sure our implementation outputs the published test vectors so we should be producing predictable results. Thanks!

On Thursday, March 31, 2016, Eric Meadows-Jönsson notifications@github.com wrote:

Closed #53 https://github.com/keybase/triplesec/issues/53.


ericmj commented 8 years ago

Yeah, I found the test vectors eventually which was of great help for my own implementation.

Thanks!
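The indexing question settled in this thread, as an added example (not triplesec code and not written by either commenter): the scrypt paper defines Integerify as interpreting the last 64-byte sub-block B[2r-1] as a little-endian integer, so over an array of 32-bit words its low word sits at index 0x10 * (2r - 1). The function names and the sample data are hypothetical, and the sketch assumes X holds exactly the 2r sub-blocks as little-endian 32-bit words.

```javascript
// Added illustration; names and sample data are constructed, not from triplesec.
const WORDS_PER_SUBBLOCK = 64 / 4; // 0x10 32-bit words per 64-byte sub-block

// Word index of the first (least significant) word of sub-block B[2r-1].
function lastSubblockWordIndex(r) {
  return WORDS_PER_SUBBLOCK * (2 * r - 1);
}

// Integerify over a 32-bit word view. N is a power of two (up to 2^32).
// The trailing >>> 0 turns the signed int32 result into an unsigned value.
function integerifyWords(X, r, N) {
  return (X[lastSubblockWordIndex(r)] & (N - 1)) >>> 0;
}

// Reference: read all 64 bytes of B[2r-1] as a little-endian integer, mod N.
function integerifyBytes(bytes, r, N) {
  const off = 64 * (2 * r - 1);
  let j = 0n;
  for (let i = 63; i >= 0; i--) j = (j << 8n) | BigInt(bytes[off + i]);
  return Number(j % BigInt(N));
}

// Constructed 128*r-byte block plus its Int32Array view (little-endian words).
function sampleBlock(r) {
  const bytes = new Uint8Array(128 * r);
  for (let i = 0; i < bytes.length; i++) bytes[i] = (i * 7 + 3) & 0xff;
  // Set the sign bit of the selected word to exercise signed Int32Array values.
  bytes[64 * (2 * r - 1) + 3] |= 0x80;
  const dv = new DataView(bytes.buffer);
  const X = new Int32Array(bytes.length / 4);
  for (let w = 0; w < X.length; w++) X[w] = dv.getInt32(4 * w, true);
  return { bytes, X };
}

// Compare both readings for a few (r, N) pairs; returns true when all agree.
function checkAgreement() {
  for (const r of [1, 8]) {
    const { bytes, X } = sampleBlock(r);
    for (const N of [16, 1024, 2 ** 15, 2 ** 32]) {
      if (integerifyWords(X, r, N) !== integerifyBytes(bytes, r, N)) return false;
    }
  }
  return true;
}

console.log("word and byte readings agree:", checkAgreement());
```

Because N is a power of two, only the low bits of B[2r-1] survive the reduction, which is why a single 32-bit word is enough for any N up to 2^32.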