
scrypt-kdf's People

Contributors: caselit, chrisveness, demurgos, gabegorelick

scrypt-kdf's Issues

Use buffers instead of strings for the public API

The current API uses strings: the passphrase is expected to be a string and the key is a base64 string.

The passphrase is passed as-is to the core lib. The core lib also accepts buffers, so it should be safe to simply update the checks and documentation to use (string | Buffer). Requiring strings prevents using binary keys as passphrases due to encoding-related restrictions (not all buffers are valid UTF-8).

The main issue is related to the return type. In the database, it is more efficient to store the hash as bytes array. The current function post-processes the output buffer to encode it to base64. This requires users to decode the result back to a buffer to handle encoding themselves.
I'd argue that it would be more ergonomic to provide a general API returning a Buffer and let the user call .toString("base64") if needed instead of forcing the encoding. This behavior would also be closer to the behavior of the standard library.

This would be a semver major breaking change.

Add CHANGELOG.md

This repository should contain a CHANGELOG.md file to help maintainers review releases.

Buffer.from() does not appear to work

I attempted to incorporate version 2.0.1 of this library into my project, but hit a snag in the following code:

import scrypt from 'scrypt-kdf'
...
const storedKdf = Buffer.from(storedPassword, 'hex');
return scrypt.verify(storedKdf, passwordToTest);

which results in an error on this line in the scrypt library:

if (!(key instanceof Uint8Array)) throw new TypeError('Key must be a Buffer');

I initially thought it was my use of 'hex' as the encoding, but changing both the password storage and decoding to 'base64' yields the same error. As far as I know a Node.js Buffer object is also an instance of Uint8Array, so I'm wondering what's causing this issue.

`pickParams` does not return accurate result on first few invocations

> let scrypt = require('scrypt-kdf')
undefined
> scrypt.pickParams(0.1)
512 0.002940500020980835 174120.04636858223
{ logN: 10, r: 8, p: 1 }
> scrypt.pickParams(0.1)
3072 0.0010730000734329225 2863000.7360312105
{ logN: 13, r: 8, p: 1 }
> scrypt.pickParams(0.1)
4096 0.0010850999355316161 3774767.526820719
{ logN: 13, r: 8, p: 1 }

This pattern is very reproducible, at least with Node 12.18.3. I suspect this might be JIT in action, since the code is in JavaScript, or some similar effect. As you can see from the debug output, on first execution it only does a single iteration of the timing loop, returning an under-estimate of the real performance.

Suggest increasing the timing loop from just 1ms to several milliseconds.

Here are the results using 10ms timing loop:

> let scrypt = require('scrypt-kdf')
undefined
> scrypt.pickParams(0.1)
24064 0.010037699937820435 2397361.9603163
{ logN: 12, r: 8, p: 1 }
> scrypt.pickParams(0.1)
37376 0.010131500005722046 3689088.484320275
{ logN: 13, r: 8, p: 1 }
> scrypt.pickParams(0.1)
36864 0.010046800017356873 3669228.0065606637
{ logN: 13, r: 8, p: 1 }
> scrypt.pickParams(0.1)
70144 0.010081699967384339 6957556.783769137
{ logN: 14, r: 8, p: 1 }

And here are the results using 100ms timing loop:

> let scrypt = require('scrypt-kdf')
undefined
> scrypt.pickParams(0.1)
790016 0.10005019998550416 7896196.110697051
{ logN: 14, r: 8, p: 1 }
> scrypt.pickParams(0.1)
1000448 0.10005380010604858 9999100.473341437
{ logN: 14, r: 8, p: 1 }

Since this function isn't expected to be called frequently, I think making it slower but more accurate by increasing the number of iterations of the timing loop is warranted. At least, it could be a parameter that the caller can specify, if they are willing to wait (for example, the function is only called once on server startup, where 100ms might be perfectly acceptable).

Single step KDF

Is it possible to implement single-step key derivation as per NIST SP 800-56A using this library?
Please help.

Question regarding parameters

Sorry in advance if this is a stupid question :)

I am trying to switch from barrensteyn's scrypt implementation to this lib. However, I noticed a difference when picking parameters:

When running

const scrypt = require('scrypt');
const scryptParametersOld = scrypt.paramsSync(0.1, 0, 0.5);

I get: params { N: 14, r: 8, p: 1 }

where:

const Scrypt = require('scrypt-kdf');
const scryptParametersNew = Scrypt.pickParams(0.1, 0, 0.5);

returns: params { logN: 13, r: 8, p: 1 }

Since the readme says a value of 15 is actually recommended for sub-100ms implementations, I am a bit confused. Is pickParams correctly implemented, and why do both functions return different results?
