you might like to use this, or you might want to improve on it, or enjoy ridiculing me for it and its bugs: axolotl ratched implemented with libsodium and scrypt (maybe the latter has been over-used a bit): https://github.com/stef/saxolotl -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
Why would you use scrypt for anything except strengthening low entropy secrets (like passwords)? For high entropy secrets there are much simpler and cleaner alternatives, such as HKDF.
On Sat, Sep 20, 2014 at 06:43:56PM +0200, CodesInChaos wrote:
Why would you use scrypt for anything except strengthening low entropy secrets (like passwords)? For high entropy secrets there are much simpler and cleaner alternatives, such as HKDF.
excellent observation. with nacl would generic_hash(master_key, some_const, key_size) be sufficient as a kdf? -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On Sat, Sep 20, 2014 at 06:53:06PM +0200, stef wrote:
On Sat, Sep 20, 2014 at 06:43:56PM +0200, CodesInChaos wrote:
Why would you use scrypt for anything except strengthening low entropy secrets (like passwords)?
reason: i'm stupid, wasn't thinking, and had so far no such valuable feedback as ours.
For high entropy secrets there are much simpler and cleaner alternatives, such as HKDF.
excellent observation. with nacl would generic_hash(master_key, some_const, key_size) be sufficient as a kdf?
thank you for this useful feedback! i removed scrypt and replaced it with above suggestion. updated on git. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
Page 6 of the illustrated primer is better than any ASCII RFC chart I've ever seen. http://www.slideshare.net/ChristineCorbettMora/axolotl-protocol-an-illustrat... On Sat, Sep 20, 2014 at 1:14 PM, stef <s@ctrlc.hu> wrote:
On Sat, Sep 20, 2014 at 06:53:06PM +0200, stef wrote:
On Sat, Sep 20, 2014 at 06:43:56PM +0200, CodesInChaos wrote:
Why would you use scrypt for anything except strengthening low entropy secrets (like passwords)?
reason: i'm stupid, wasn't thinking, and had so far no such valuable feedback as ours.
For high entropy secrets there are much simpler and cleaner alternatives, such as HKDF.
excellent observation. with nacl would generic_hash(master_key, some_const, key_size) be sufficient as a kdf?
thank you for this useful feedback! i removed scrypt and replaced it with above suggestion. updated on git.
-- otr fp: https://www.ctrlc.hu/~stef/otr.txt
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
participants (3)
-
CodesInChaos -
stef -
Travis Biehn