-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should the scrypt parameters be updated? #467
Comments
Thanks for filing this issue, and I don't see any reason why we shouldn't increase security! However, as we discussed offline, how would this affect backwards-compatibility? |
Something like that could help to do progressive enhancements - Zenithar@658ca7b |
That makes sense to me, thanks. We can make this backwards-compatible by making the level legacy by default. @rdimitrov Do you think this issue should go into 0.7? |
WDYT? |
Oh, I see, I mistakenly thought Legacy is what Standard actually means. NVM, yes, you're right. |
Hi,
Should we update the
scrypt
cost parameters (2^15, 8, 1) to be aligned with the requirement of being able to derive a key in approximatively100ms
(http://www.tarsnap.com/scrypt/scrypt-slides.pdf - Slide 17)?Based in
Filippo Valsorda
blog post aboutscrypt
- https://words.filippo.io/the-scrypt-parameters/ - I reused its benchmark on my current laptop (M1 10-Core).And the results are :
In conclusion, from the benchmark, on my machine, the appropriate parameter should be
2^16
. But the OWASP Password storage recommends2^17
.I also noticed that this code is directly referenced by cosign to store the private key using this crypto system.https://github.com/sigstore/cosign/blob/main/pkg/cosign/keys.go#L154. Actually, I don't see any threat unless the ability to speedup the brute force attacks of this derivation.
What do you think?
The text was updated successfully, but these errors were encountered: