21 Sep
2014
21 Sep
'14
1:53 a.m.
On Sat, Sep 20, 2014 at 06:43:56PM +0200, CodesInChaos wrote:
Why would you use scrypt for anything except strengthening low entropy secrets (like passwords)? For high entropy secrets there are much simpler and cleaner alternatives, such as HKDF.
excellent observation. with nacl would generic_hash(master_key, some_const, key_size) be sufficient as a kdf? -- otr fp: https://www.ctrlc.hu/~stef/otr.txt