> On 30 Dec 2014, at 17:43, [email protected] wrote:
>
> I want to show a percentage indicator during a lengthy scrypt process. The
> simplest idea I can think of is this:
>
> Pick N,r,p such that each crypto_scrypt() call is fast.
>
> Then repeat this same crypto_scrypt() call many times, passing the result
> of each crypto_scrypt() to the input (password) of the next
> crypto_scrypt(). The salt is kept the same for each call.
>
> The question is: Does this reduce security, as opposed to picking a larger
> p? In other words: Is picking p=1000 when calling crypto_scrypt() only
> once more secure than calling crypto_scrypt() with p=1 thousand times with
> the salt constant?

The major point of scrypt is sequential memory hardness; splitting it into many smaller, faster scryptinhos or picking too large a ‘p’ will weaken this point. (p is a parallelization parameter; you probably don’t want to make it too large today.)

To give progress indication, you can split the smix function into chunks, like I did in scrypt-async-js:

https://github.com/dchest/scrypt-async-js/blob/master/scrypt-async.js#L377

(While there’s no actual progress indication here [yet], splitting computation was a requirement to make JavaScript asynchronous.)

--
Dmitry Chestnykh
Coding Robots
http://www.codingrobots.com
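The approach described in the reply above, as an added example (not code from this thread or from scrypt-async-js): a pure-Python scrypt whose smix loop reports progress at chunk boundaries while still running one call with the full N, so the derived key is identical to ordinary scrypt. The names `scrypt_progress`, `chunk` and `on_progress` are assumptions made for this illustration.

```python
import hashlib, struct

M = 0xffffffff
QR = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),  # columns
      (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]  # rows

def salsa20_8(B):
    x = B[:]
    rot = lambda v, n: ((v << n) | (v >> (32 - n))) & M
    for _ in range(4):  # 4 double rounds = Salsa20/8
        for a, b, c, d in QR:
            x[b] ^= rot((x[a] + x[d]) & M, 7)
            x[c] ^= rot((x[b] + x[a]) & M, 9)
            x[d] ^= rot((x[c] + x[b]) & M, 13)
            x[a] ^= rot((x[d] + x[c]) & M, 18)
    return [(x[i] + B[i]) & M for i in range(16)]

def blockmix(B, r):
    X, Y = B[-16:], []
    for i in range(2 * r):
        X = salsa20_8([a ^ b for a, b in zip(X, B[16 * i:16 * i + 16])])
        Y.append(X)
    return [w for blk in Y[0::2] + Y[1::2] for w in blk]  # even blocks, then odd

def smix(X, N, r, tick):
    V = []
    for _ in range(N):  # phase 1: fill the N-entry table sequentially
        V.append(X)
        X = blockmix(X, r)
        tick()
    for _ in range(N):  # phase 2: data-dependent reads from the full table
        j = X[-16] & (N - 1)  # Integerify mod N (N is a power of two)
        X = blockmix([a ^ b for a, b in zip(X, V[j])], r)
        tick()
    return X

def scrypt_progress(pw, salt, N, r, p, dklen, chunk=64, on_progress=None):
    total, done = 2 * N * p, 0
    def tick():  # hypothetical hook: report at chunk boundaries; a UI could yield here
        nonlocal done
        done += 1
        if on_progress and (done % chunk == 0 or done == total):
            on_progress(done, total)
    B = hashlib.pbkdf2_hmac("sha256", pw, salt, 1, p * 128 * r)
    w = list(struct.unpack("<%dI" % (32 * r * p), B))
    out = []
    for i in range(p):
        out += smix(w[32 * r * i:32 * r * (i + 1)], N, r, tick)
    return hashlib.pbkdf2_hmac("sha256", pw, struct.pack("<%dI" % len(out), *out), 1, dklen)
```

The table V still holds all N entries for the whole computation, which is what keeps the memory cost intact; only the reporting is chunked.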
