salty axolotl
stef
s at ctrlc.hu
Sat Sep 20 10:14:48 PDT 2014
On Sat, Sep 20, 2014 at 06:53:06PM +0200, stef wrote:
> On Sat, Sep 20, 2014 at 06:43:56PM +0200, CodesInChaos wrote:
> > Why would you use scrypt for anything except strengthening low entropy
> > secrets (like passwords)?
reason: i'm stupid, wasn't thinking, and had so far no such valuable feedback
as ours.
> > For high entropy secrets there are much simpler and cleaner
> > alternatives, such as HKDF.
>
> excellent observation. with nacl would generic_hash(master_key, some_const, key_size)
> be sufficient as a kdf?
thank you for this useful feedback! i removed scrypt and replaced it with
above suggestion. updated on git.
--
otr fp: https://www.ctrlc.hu/~stef/otr.txt
More information about the cypherpunks
mailing list