scrypt: recommending larger values in 2021 #184

Open
wants to merge 1 commit into
base: master

karelbilek

I have noticed the values kept being from 2017, despite single-core
performance getting faster, for example with Apple's ARM M1 offering.

So, I re-tested the N parameter, with the code from here

https://blog.filippo.io/the-scrypt-parameters/

The results, on M1 MacBook Air:

N = 2^14 26ms
N = 2^15 53ms
N = 2^16 108ms
N = 2^17 219ms
N = 2^18 441ms
N = 2^19 901ms
N = 2^20 1778ms
N = 2^21 3675ms
N = 2^22 7530ms

Strictly speaking, it should be 2^15, but this is an entry-level laptop and 108 ms is almost 100, so I increased N.

I do not really understand r, but, according to this discussion

https://news.ycombinator.com/item?id=25660467

M1 has double cache line size, so I doubled r.

I don't really expect this to be accepted I guess - IETF still recommends the lower values, in 2021 -
https://tools.ietf.org/id/draft-ietf-kitten-password-storage-01.html -
but I guess to open a discussion?
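
An added example, not part of the pull request or the Go project: a calibration loop in the spirit of the measurement described above, written with Python's standard-library `hashlib.scrypt` rather than `golang.org/x/crypto/scrypt`. The function names, the r=8/p=1 defaults, the 100 ms target and the sample password are assumptions for illustration; it also reports the memory each parameter set needs, which is what doubling r changes.

```python
import hashlib
import os
import time

def scrypt_mem_bytes(log_n, r, p=1):
    """Approximate working memory: 128*r*N bytes for V plus 128*r*p for B."""
    return 128 * r * (1 << log_n) + 128 * r * p

def time_scrypt_ms(log_n, r=8, p=1, runs=3):
    """Best-of-`runs` wall time in milliseconds for one derivation at N = 2**log_n."""
    salt = os.urandom(16)
    # hashlib.scrypt rejects parameters that need more than maxmem (32 MiB by
    # default), so size the limit from the parameters plus 1 MiB of headroom.
    maxmem = scrypt_mem_bytes(log_n, r, p) + (1 << 20)
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        hashlib.scrypt(b"constructed sample password", salt=salt,
                       n=1 << log_n, r=r, p=p, maxmem=maxmem, dklen=32)
        best = min(best, (time.perf_counter() - start) * 1000.0)
    return best

def calibrate(target_ms, r=8, p=1, min_log_n=14, max_log_n=18):
    """Return the largest log2(N) measured within target_ms, or None if even
    min_log_n is too slow on this machine."""
    chosen = None
    for log_n in range(min_log_n, max_log_n + 1):
        if time_scrypt_ms(log_n, r, p) > target_ms:
            break
        chosen = log_n
    return chosen

if __name__ == "__main__":
    for r in (8, 16):  # r=8 baseline and the doubled r (assumed values)
        log_n = calibrate(100.0, r=r)
        if log_n is None:
            print(f"r={r}: even N=2^14 exceeds 100 ms here")
        else:
            mib = scrypt_mem_bytes(log_n, r) / (1 << 20)
            print(f"r={r}: N=2^{log_n}, about {mib:.0f} MiB per hash")
```

Run it on the slowest hardware that will verify passwords, since the result is specific to the machine it was measured on.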

@google-cla

google-cla bot commented May 17, 2021

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment "@googlebot I fixed it." If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@google-cla google-cla bot added the cla: no label May 17, 2021
@karelbilek karelbilek changed the title Recommending larger values in 2021 scrypt: Recommending larger values in 2021 May 17, 2021
@google-cla google-cla bot added cla: yes and removed cla: no labels May 17, 2021
@karelbilek karelbilek changed the title scrypt: Recommending larger values in 2021 scrypt: recommending larger values in 2021 May 17, 2021
@gopherbot
Contributor

This PR (HEAD: d9e526e) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/crypto/+/320390 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

@gopherbot
Contributor

Message from Go Bot:

Patch Set 1:

Congratulations on opening your first change. Thank you for your contribution!

Next steps:
A maintainer will review your change and provide feedback. See
https://golang.org/doc/contribute.html#review for more info and tips to get your
patch through code review.

Most changes in the Go project go through a few rounds of revision. This can be
surprising to people new to the project. The careful, iterative review process
is our way of helping mentor contributors and ensuring that their contributions
have a lasting impact.

During May-July and Nov-Jan the Go project is in a code freeze, during which
little code gets reviewed or merged. If a reviewer responds with a comment like
R=go1.11 or adds a tag like "wait-release", it means that this CL will be
reviewed as part of the next development cycle. See https://golang.org/s/release
for more details.


Please don’t reply on this GitHub thread. Visit golang.org/cl/320390.
After addressing review feedback, remember to publish your drafts!

@karelbilek
Author

The new M1 chips (fall 2021) seem to be even faster; but the single-core performance is actually very similar. So I think this won't move the numbers that much.
