On Wed, Mar 11, 2015 at 10:53 AM, Fabio Pietrosanti (naif) - lists <[email protected]> wrote: > Hi all, > > at GlobaLeaks we're undergoing implementation of client-side encryption > with server-side storage of PGP Private keys. > > Obviously the hashing to be used for storing such PGP private keys has > to be strong enough, with valuable key-stretching approach. > > We're now considering using Scrypt with some finely tuned parameters, > but we've concern regarding it's performance in the browser as a JS > implementation. > > PBKDF2 is available from WebCrypto API and, as far as i read and > understand but i'm not that low-level-crypto expert, is used internally > to scrypt.
Sure, scrypt uses PBKDF2 with HMAC-SHA-256 as its PRF of choice in the state expansion and compression steps [1]. > Does anyone know of any scrypt implementation that try to leverage the > WebCrypto API? AFAICT, there is no such implementation yet. While PBKDF2 is included in the WebCrypto API specifications, to date its support is pretty limited. PBKDF2 works with Chrome Canary (Windows and OSX) and Opera Developer (Windows); it also works with Firefox, but only with SHA-1 --- as such, it is not relevant for scrypt applications. Until more browsers start supporting PBKDF2 with HMAC-SHA-256, you might be better of reverting to a JavaScript library, to be plugged in your scrypt implementation. I never took the chance to look at it, but I heard that asmcrypto.js provides the fastest PBKDF2-HMAC-SHA-256 implementation in town [2]. Good luck. [1] http://tools.ietf.org/id/draft-josefsson-scrypt-kdf-02.txt [2] https://github.com/vibornoff/asmcrypto.js -- Alfonso tweets @secYOUre _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
