crypto.scrypt() #8417
Comments
|
The crypto module only exposes what openssl supports and openssl does not support scrypt. Likewise for HKDF, ref #8418. |
bnoordhuis
added
crypto
|
Surely openssl is just the implementation of much of the Perhaps adding scrypt is a slippery slope, people might start asking for bcrypt. But PBKDF2 is long in the teeth and scrypt is a decent improvement over PBKDF2 and bcrypt. |
|
It restricts what functionality node can expose. We would either have to bundle the scrypt reference implementation or write a sizable chunk of code to wire up the building blocks that openssl does offer. Taking on more dependencies is not something we do lightly and writing cryptographic code, even the kind that just connects the dots, requires very careful scrutiny. It's an interesting exercise but given the choice I'd rather do neither. (And yes, it's also a slippery slope.) |
|
OpenSSL 1.1.0 added scrypt support. |
This can probably be reopened once #11828 (or it's successor) lands. |
|
Reopening. #20816 is the PR that implements the feature. |
|
Thanks @bnoordhuis ! |
Scrypt is a password-based key derivation function that is designed to be expensive both computationally and memory-wise in order to make brute-force attacks unrewarding. OpenSSL has had support for the scrypt algorithm since v1.1.0. Add a Node.js API modeled after `crypto.pbkdf2()` and `crypto.pbkdf2Sync()`. Changes: * Introduce helpers for copying buffers, collecting openssl errors, etc. * Add new infrastructure for offloading crypto to a worker thread. * Add a `AsyncWrap` JS class to simplify pbkdf2(), randomBytes() and scrypt(). Fixes: #8417 PR-URL: #20816 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Scrypt is a password-based key derivation function that is designed to be expensive both computationally and memory-wise in order to make brute-force attacks unrewarding. OpenSSL has had support for the scrypt algorithm since v1.1.0. Add a Node.js API modeled after `crypto.pbkdf2()` and `crypto.pbkdf2Sync()`. Changes: * Introduce helpers for copying buffers, collecting openssl errors, etc. * Add new infrastructure for offloading crypto to a worker thread. * Add a `AsyncWrap` JS class to simplify pbkdf2(), randomBytes() and scrypt(). Fixes: nodejs#8417 PR-URL: nodejs#20816 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
@indutny would there be any support for adding
scryptSync()andscrypt()to thecryptomodule?There is already support for
PBKDF2butscryptcan offer an order of magnitude or more strength for the same derivation time.The text was updated successfully, but these errors were encountered: