VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1f/doc/man7/scrypt.pod@ 83531

Last change on this file since 83531 was 83531, checked in by vboxsync, 5 years ago

setting svn:sync-process=export for openssl-1.1.1f, all files except tests

File size: 3.8 KB
Line 
1=pod
2
3=head1 NAME
4
5scrypt - EVP_PKEY scrypt KDF support
6
7=head1 DESCRIPTION
8
9The EVP_PKEY_SCRYPT algorithm implements the scrypt password based key
10derivation function, as described in RFC 7914. It is memory-hard in the sense
11that it deliberately requires a significant amount of RAM for efficient
12computation. The intention of this is to render brute forcing of passwords on
13systems that lack large amounts of main memory (such as GPUs or ASICs)
14computationally infeasible.
15
16scrypt provides three work factors that can be customized: N, r and p. N, which
17has to be a positive power of two, is the general work factor and scales CPU
18time in an approximately linear fashion. r is the block size of the internally
19used hash function and p is the parallelization factor. Both r and p need to be
20greater than zero. The amount of RAM that scrypt requires for its computation
21is roughly (128 * N * r * p) bytes.
22
23In the original paper of Colin Percival ("Stronger Key Derivation via
24Sequential Memory-Hard Functions", 2009), the suggested values that give a
25computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N =
262^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for
27this computation is roughly 1 GiB. On a more recent CPU (Intel i7-5930K at 3.5
28GHz), this computation takes about 3 seconds. When N, r or p are not specified,
29they default to 1048576, 8, and 1, respectively. The default amount of RAM that
30may be used by scrypt defaults to 1025 MiB.
31
32=head1 NOTES
33
34A context for scrypt can be obtained by calling:
35
36 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
37
38The output length of an scrypt key derivation is specified via the
39length parameter to the L<EVP_PKEY_derive(3)> function.
40
41=head1 EXAMPLES
42
43This example derives a 64-byte long test vector using scrypt using the password
44"password", salt "NaCl" and N = 1024, r = 8, p = 16.
45
46 EVP_PKEY_CTX *pctx;
47 unsigned char out[64];
48
49 size_t outlen = sizeof(out);
50 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
51
52 if (EVP_PKEY_derive_init(pctx) <= 0) {
53 error("EVP_PKEY_derive_init");
54 }
55 if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
56 error("EVP_PKEY_CTX_set1_pbe_pass");
57 }
58 if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
59 error("EVP_PKEY_CTX_set1_scrypt_salt");
60 }
61 if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
62 error("EVP_PKEY_CTX_set_scrypt_N");
63 }
64 if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
65 error("EVP_PKEY_CTX_set_scrypt_r");
66 }
67 if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
68 error("EVP_PKEY_CTX_set_scrypt_p");
69 }
70 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
71 error("EVP_PKEY_derive");
72 }
73
74 {
75 const unsigned char expected[sizeof(out)] = {
76 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
77 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
78 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
79 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
80 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
81 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
82 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
83 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
84 };
85
86 assert(!memcmp(out, expected, sizeof(out)));
87 }
88
89 EVP_PKEY_CTX_free(pctx);
90
91=head1 CONFORMING TO
92
93RFC 7914
94
95=head1 SEE ALSO
96
97L<EVP_PKEY_CTX_set1_scrypt_salt(3)>,
98L<EVP_PKEY_CTX_set_scrypt_N(3)>,
99L<EVP_PKEY_CTX_set_scrypt_r(3)>,
100L<EVP_PKEY_CTX_set_scrypt_p(3)>,
101L<EVP_PKEY_CTX_set_scrypt_maxmem_bytes(3)>,
102L<EVP_PKEY_CTX_new(3)>,
103L<EVP_PKEY_CTX_ctrl_str(3)>,
104L<EVP_PKEY_derive(3)>
105
106=head1 COPYRIGHT
107
108Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
109
110Licensed under the OpenSSL license (the "License"). You may not use
111this file except in compliance with the License. You can obtain a copy
112in the file LICENSE in the source distribution or at
113L<https://www.openssl.org/source/license.html>.
114
115=cut
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette