Re: [Cfrg] scrypt password-based key derivation function

Joachim Strömbergson <Joachim@Strombergson.com> Fri, 28 September 2012 12:52 UTC

Return-Path: <Joachim@Strombergson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2605221F84DD for <cfrg@ietfa.amsl.com>; Fri, 28 Sep 2012 05:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.885
X-Spam-Level:
X-Spam-Status: No, score=-0.885 tagged_above=-999 required=5 tests=[BAYES_40=-0.185, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eK8qOMqQXzRs for <cfrg@ietfa.amsl.com>; Fri, 28 Sep 2012 05:52:56 -0700 (PDT)
Received: from susano.oderland.com (susano.oderland.com [91.201.63.143]) by ietfa.amsl.com (Postfix) with ESMTP id 4EE1421F84CD for <cfrg@irtf.org>; Fri, 28 Sep 2012 05:52:55 -0700 (PDT)
Received: from 2.67.227.87.static.g-sn.siw.siwnet.net ([87.227.67.2]:33902 helo=tunnis.local) by susano.oderland.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <Joachim@Strombergson.com>) id 1THa3l-000bMS-M5 for cfrg@irtf.org; Fri, 28 Sep 2012 14:52:49 +0200
Message-ID: <50659DA1.70608@Strombergson.com>
Date: Fri, 28 Sep 2012 14:52:49 +0200
From: =?UTF-8?B?Sm9hY2hpbSBTdHLDtm1iZXJnc29u?= <Joachim@Strombergson.com>
Organization: Kryptologik
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
MIME-Version: 1.0
To: cfrg@irtf.org
References: <87bogv4udy.fsf@latte.josefsson.org>
In-Reply-To: <87bogv4udy.fsf@latte.josefsson.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - susano.oderland.com
X-AntiAbuse: Original Domain - irtf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - Strombergson.com
Subject: Re: [Cfrg] scrypt password-based key derivation function
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Joachim@Strombergson.com
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Sep 2012 12:52:57 -0000

Aloha!

On 2012-09-24 11:55 , Simon Josefsson wrote:
> Colin and I have published a draft describing Colin's scrypt key
> derivation function.  We would appreciate review of the document:
>
> http://tools.ietf.org/html/draft-josefsson-scrypt-kdf

Great initiative and good work! I'm trying to follow the draft and build 
an implementation just to see if I can understand it. One thing that 
caught me is the test vectors for Salsa20 in chapter 7.

First off, Sals20 as defined on the DJB page you point to 
(http://cr.yp.to/salsa20.html) works in arrays of 16 uint32_t values. 
The vectors you provide are in byte form. I'm probably thick, but for me 
it is not 100% non ambigious how to combine the bytes into the correct 
sequence of words.

You could also mabye add another set of vectors where all but one byte 
is zero, alternatively that the first 32 bits are all set and the rest 
is all zero. This would help out debugging the endianess/ordering.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================