Hello everyone,

I read the paper about the scrypt KDF, and it seems to be very strong. I am one of the devs of tomb[1], a cryptographic tool. I am trying to use scrypt as a KDF for tomb encryption.

What I did is add a new command line program called "stretcher" that will do _just_ this job; it's meant to be used by batch programs, so it has a bare (but easily parseable) interface. I put my code on [2], you can see the diffs on [3].

To make it easier to use for scripts, it is meant to work like this:

When you want to encrypt, you'll:
* call stretcher with no arguments, receiving valid parameters and a salt
* call stretcher with the arguments you just received and the password, receiving the derived key
* call your favourite encryption software using your derived key as the password; be sure to save the parameters and the salt somewhere!

When you want to decrypt, you'll:
* read the parameters and the salt from somewhere
* call stretcher with those parameters and the password, receiving the derived key
* call the appropriate decryption software using the derived key as the password.

Both the hash and the derived key are handled using base64 encoding: this will make it easier to save it anywhere, to pass as argument, or whatever.

Of course, it is not perfectly polished (there is still no way to specify maxmem, maxmemfrac and maxtime, for example), but it seems to me good enough. What about merging it in the mainline code? Do you see any clear bug? Do you have any suggestions?

[1] http://tomb.dyne.org/
[2] https://github.com/boyska/scrypt/tree/onlystretch
[3] https://github.com/boyska/scrypt/compare/master...onlystretch

--
boyska
GPG: 785DE285
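The encrypt/decrypt workflow described in the message above, sketched as an added example with Python's `hashlib.scrypt`; it is not the stretcher code from the linked branch. The `N:r:p:salt` line format, the function names, the default cost parameters and the memory cap are assumptions made for illustration.

```python
import base64
import hashlib
import os

# Assumed values, not taken from stretcher: cost parameters and memory cap.
DEFAULT_N, DEFAULT_R, DEFAULT_P = 2**14, 8, 1
MAXMEM = 64 * 1024 * 1024  # largest scrypt working set accepted from a saved line


def new_params():
    """Encrypt, step 1: fresh parameters plus a random salt as one text line."""
    salt = base64.b64encode(os.urandom(16)).decode()
    return f"{DEFAULT_N}:{DEFAULT_R}:{DEFAULT_P}:{salt}"


def parse_params(line):
    """Parse a saved parameter line; reject values that are invalid or too costly.

    The line is stored next to the ciphertext, so it is untrusted input when
    decrypting: an oversized N or r would otherwise exhaust memory.
    """
    n_s, r_s, p_s, salt_b64 = line.strip().split(":")
    n, r, p = int(n_s), int(r_s), int(p_s)
    if n < 2 or n & (n - 1) or r < 1 or p < 1:
        raise ValueError("invalid scrypt parameters")
    if 128 * r * (n + p + 2) > MAXMEM:  # approximate scrypt memory use in bytes
        raise ValueError("parameters exceed memory cap")
    return n, r, p, base64.b64decode(salt_b64, validate=True)


def stretch(line, password):
    """Encrypt step 2 / decrypt step 2: derive the base64 key for a parameter line."""
    n, r, p, salt = parse_params(line)
    key = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                         maxmem=MAXMEM, dklen=32)
    return base64.b64encode(key).decode()


if __name__ == "__main__":
    saved = new_params()                    # store this beside the ciphertext
    print("params:", saved)
    print("key   :", stretch(saved, "correct horse"))  # constructed password
```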
