Merge pull request #1148 from restic/update-simple-scrypt
Lock simple-scrypt library to master branch
commit
6724b9a583
7 changed files with 148 additions and 20 deletions
6
Gopkg.lock
generated
|
@ -14,10 +14,10 @@
|
|||
version = "v1.0.6"
|
||||
|
||||
[[projects]]
|
||||
branch = "master"
|
||||
name = "github.com/elithrar/simple-scrypt"
|
||||
packages = ["."]
|
||||
revision = "47767683c6c880a9f89e48d376c70de7f5268951"
|
||||
version = "v1.1"
|
||||
revision = "6724715de445c2e70cdafb7a1a14c8cfe0984210"
|
||||
|
||||
[[projects]]
|
||||
name = "github.com/go-ini/ini"
|
||||
|
@ -142,6 +142,6 @@
|
|||
[solve-meta]
|
||||
analyzer-name = "dep"
|
||||
analyzer-version = 1
|
||||
inputs-digest = "10287830033309dd91c5e7e381e1a56cd3bf135fd4e776954232c404c39be210"
|
||||
inputs-digest = "0783f6c5ff3952c10a8ea9ba5e80dcc816e95f9934983b772764b867d9be7eb8"
|
||||
solver-name = "gps-cdcl"
|
||||
solver-version = 1
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
|
||||
[[constraint]]
|
||||
name = "github.com/elithrar/simple-scrypt"
|
||||
version = "1.1.0"
|
||||
branch = "master"
|
||||
|
||||
[[constraint]]
|
||||
name = "github.com/kurin/blazer"
|
||||
|
|
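Review bot: The simple-scrypt constraint in the `@ -27,7 +27,7 @` hunk (its file header is missing from the page; presumably Gopkg.toml) now follows `branch = "master"` instead of the tagged `version = "1.1.0"`, so the `revision` entry in Gopkg.lock is the only thing holding this password-hashing dependency at a reviewed commit. A later `dep ensure -update` would move it to whatever upstream master holds at that moment, with no tag or release notes to review against. I would record the reason and the exit condition next to the constraint, for example `# tracks master for the int64 fix in Calibrate; return to a version constraint once upstream tags a release containing it` (the motive is inferred from the scrypt.go section of this commit). Each future bump of the locked revision should then be reviewed as a vendored code change rather than as a routine update.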
17
vendor/github.com/elithrar/simple-scrypt/.travis.yml
generated
vendored
|
@ -1,13 +1,16 @@
|
|||
language: go
|
||||
|
||||
sudo: false
|
||||
|
||||
go:
|
||||
- 1.2
|
||||
- 1.3
|
||||
- 1.4
|
||||
- 1.5
|
||||
- tip
|
||||
install:
|
||||
- go get golang.org/x/tools/cmd/vet
|
||||
- 1.2
|
||||
- 1.3
|
||||
- 1.4
|
||||
- 1.5
|
||||
- 1.6
|
||||
- 1.7
|
||||
- tip
|
||||
|
||||
script:
|
||||
- go get -t -v ./...
|
||||
- diff -u <(echo -n) <(gofmt -d -s .)
|
||||
|
|
57
vendor/github.com/elithrar/simple-scrypt/README.md
generated
vendored
|
@ -16,6 +16,14 @@ The API closely mirrors Go's [bcrypt](https://golang.org/x/crypto/bcrypt)
|
|||
library in an effort to make it easy to migrate—and because it's an easy to grok
|
||||
API.
|
||||
|
||||
## Installation
|
||||
|
||||
With a [working Go toolchain](https://golang.org/doc/code.html):
|
||||
|
||||
```sh
|
||||
go get -u github.com/elithrar/simple-scrypt
|
||||
```
|
||||
|
||||
## Example
|
||||
|
||||
simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
|
||||
|
@ -95,14 +103,51 @@ func main() {
|
|||
}
|
||||
```
|
||||
|
||||
## TO-DO:
|
||||
## Automatically Determining Parameters
|
||||
|
||||
The following features are planned. PRs are welcome.
|
||||
Thanks to the work by [tgulacsi](https://github.com/tgulacsi), you can have simple-scrypt
|
||||
automatically determine the optimal parameters for you (time vs. memory). You should run this once
|
||||
on program startup, as calibrating parameters can be an expensive operation.
|
||||
|
||||
- [x] Tag a release build.
|
||||
- [x] Automatically calculate "optimal" values for N, r, p similar [to the Ruby scrypt library](https://github.com/pbhogan/scrypt/blob/master/lib/scrypt.rb#L97-L146)
|
||||
e.g. `func Calibrate(duration int, mem int, fallback Params) (Params, error)`
|
||||
- contributed thanks to @tgulacsi.
|
||||
```go
|
||||
var params scrypt.Params
|
||||
|
||||
func main() {
|
||||
var err error
|
||||
// 500ms, 64MB of RAM per hash.
|
||||
params, err = scrypt.Calibrate(500*time.Millisecond, 64, Params{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
...
|
||||
}
|
||||
|
||||
func RegisterUserHandler(w http.ResponseWriter, r *http.Request) {
|
||||
err := r.ParseForm()
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Make sure you validate: not empty, not too long, etc.
|
||||
email := r.PostFormValue("email")
|
||||
pass := r.PostFormValue("password")
|
||||
|
||||
// Use our calibrated parameters
|
||||
hash, err := scrypt.GenerateFromPassword([]byte(pass), params)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Save to DB, etc.
|
||||
}
|
||||
```
|
||||
|
||||
Be aware that increasing these, whilst making it harder to brute-force the resulting hash, also
|
||||
increases the risk of a denial-of-service attack against your server. A surge in authenticate
|
||||
attempts (even if legitimate!) could consume all available resources.
|
||||
|
||||
## License
|
||||
|
||||
|
|
80
vendor/github.com/elithrar/simple-scrypt/compositor.json
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
2
vendor/github.com/elithrar/simple-scrypt/scrypt.go
generated
vendored
|
@ -260,7 +260,7 @@ func Calibrate(timeout time.Duration, memMiBytes int, params Params) (Params, er
|
|||
var again bool
|
||||
memBytes := memMiBytes << 20
|
||||
// If we'd use more memory then the allowed, we can tune the memory usage
|
||||
for 128*p.R*p.N > memBytes {
|
||||
for 128*int64(p.R)*int64(p.N) > int64(memBytes) {
|
||||
if p.R > 1 {
|
||||
// by lowering r
|
||||
p.R--
|
||||
|
|
4
vendor/github.com/elithrar/simple-scrypt/scrypt_test.go
generated
vendored
|
@ -23,11 +23,11 @@ var testParams = []struct {
|
|||
{true, Params{1048576, 8, 2, 64, 128}},
|
||||
{false, Params{-1, 8, 1, 16, 32}}, // invalid N
|
||||
{false, Params{0, 8, 1, 16, 32}}, // invalid N
|
||||
{false, Params{1 << 31, 8, 1, 16, 32}}, // invalid N
|
||||
{false, Params{1<<31 - 1, 8, 1, 16, 32}}, // invalid N
|
||||
{false, Params{16384, 0, 12, 16, 32}}, // invalid R
|
||||
{false, Params{16384, 8, 0, 16, 32}}, // invalid R > maxInt/128/P
|
||||
{false, Params{16384, 1 << 24, 1, 16, 32}}, // invalid R > maxInt/256
|
||||
{false, Params{1 << 31, 8, 0, 16, 32}}, // invalid p < 0
|
||||
{false, Params{1<<31 - 1, 8, 0, 16, 32}}, // invalid p < 0
|
||||
{false, Params{4096, 8, 1, 5, 32}}, // invalid SaltLen
|
||||
{false, Params{4096, 8, 1, 16, 2}}, // invalid DKLen
|
||||
}
|
||||
|
|