On 03/23/15 20:04, Maricel Gregoraschko wrote: > I was looking at PBKDF2, bcrypt and scrypt as options for key derivation; and > would like to try using them all together in order to get the cryptographic > strength of the strongest one (which seems to be scrypt so far unless > something novel is discovered, but the assumption is that it is not known > which one is the strongest).
That assumption is incorrect. > [...] > So basically the 3 kdfs are applied in parallel, and the resulting keys are > concatenated and then hashed together. What do you guys think about this one? > Is this obviously superior to just applying the multiple kdf "in series"? Computing several KDF functions in parallel or in series and combining them makes no difference to an attacker; parallel may be more convenient for real users since it may produce results faster by using multiple CPUs. Either way is weaker than making a single scrypt call with larger parameters. > Also, I haven't looked at the sources of the scrypt utility yet, is it > straightforward to take the source files from there to use scrypt as a > function call from another program? Or is there a scrypt library specifically > for that? It's straightforward to extract the source code files you need. I think someone was working on libraryizing scrypt but I can't remember if it was ever finished; and for such a small amount of code I would just import the source code into your program anyway. -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
