Merge pull request #1148 from restic/update-simple-scrypt

Lock simple-scrypt library to master branch
This commit is contained in:
Alexander Neumann 2017-08-05 20:04:33 +02:00
commit 6724b9a583
7 changed files with 148 additions and 20 deletions

6
Gopkg.lock generated
View file

@ -14,10 +14,10 @@
version = "v1.0.6" version = "v1.0.6"
[[projects]] [[projects]]
branch = "master"
name = "github.com/elithrar/simple-scrypt" name = "github.com/elithrar/simple-scrypt"
packages = ["."] packages = ["."]
revision = "47767683c6c880a9f89e48d376c70de7f5268951" revision = "6724715de445c2e70cdafb7a1a14c8cfe0984210"
version = "v1.1"
[[projects]] [[projects]]
name = "github.com/go-ini/ini" name = "github.com/go-ini/ini"
@ -142,6 +142,6 @@
[solve-meta] [solve-meta]
analyzer-name = "dep" analyzer-name = "dep"
analyzer-version = 1 analyzer-version = 1
inputs-digest = "10287830033309dd91c5e7e381e1a56cd3bf135fd4e776954232c404c39be210" inputs-digest = "0783f6c5ff3952c10a8ea9ba5e80dcc816e95f9934983b772764b867d9be7eb8"
solver-name = "gps-cdcl" solver-name = "gps-cdcl"
solver-version = 1 solver-version = 1

View file

@ -27,7 +27,7 @@
[[constraint]] [[constraint]]
name = "github.com/elithrar/simple-scrypt" name = "github.com/elithrar/simple-scrypt"
version = "1.1.0" branch = "master"
[[constraint]] [[constraint]]
name = "github.com/kurin/blazer" name = "github.com/kurin/blazer"

View file

@ -1,13 +1,16 @@
language: go language: go
sudo: false sudo: false
go: go:
- 1.2 - 1.2
- 1.3 - 1.3
- 1.4 - 1.4
- 1.5 - 1.5
- 1.6
- 1.7
- tip - tip
install:
- go get golang.org/x/tools/cmd/vet
script: script:
- go get -t -v ./... - go get -t -v ./...
- diff -u <(echo -n) <(gofmt -d -s .) - diff -u <(echo -n) <(gofmt -d -s .)

View file

@ -16,6 +16,14 @@ The API closely mirrors Go's [bcrypt](https://golang.org/x/crypto/bcrypt)
library in an effort to make it easy to migrate—and because it's an easy to grok library in an effort to make it easy to migrate—and because it's an easy to grok
API. API.
## Installation
With a [working Go toolchain](https://golang.org/doc/code.html):
```sh
go get -u github.com/elithrar/simple-scrypt
```
## Example ## Example
simple-scrypt doesn't try to re-invent the wheel or do anything "special". It simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
@ -95,14 +103,51 @@ func main() {
} }
``` ```
## TO-DO: ## Automatically Determining Parameters
The following features are planned. PRs are welcome. Thanks to the work by [tgulacsi](https://github.com/tgulacsi), you can have simple-scrypt
automatically determine the optimal parameters for you (time vs. memory). You should run this once
on program startup, as calibrating parameters can be an expensive operation.
- [x] Tag a release build. ```go
- [x] Automatically calculate "optimal" values for N, r, p similar [to the Ruby scrypt library](https://github.com/pbhogan/scrypt/blob/master/lib/scrypt.rb#L97-L146) var params scrypt.Params
e.g. `func Calibrate(duration int, mem int, fallback Params) (Params, error)`
- contributed thanks to @tgulacsi. func main() {
var err error
// 500ms, 64MB of RAM per hash.
params, err = scrypt.Calibrate(500*time.Millisecond, 64, Params{})
if err != nil {
return nil, err
}
...
}
func RegisterUserHandler(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Make sure you validate: not empty, not too long, etc.
email := r.PostFormValue("email")
pass := r.PostFormValue("password")
// Use our calibrated parameters
hash, err := scrypt.GenerateFromPassword([]byte(pass), params)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Save to DB, etc.
}
```
Be aware that increasing these, whilst making it harder to brute-force the resulting hash, also
increases the risk of a denial-of-service attack against your server. A surge in authenticate
attempts (even if legitimate!) could consume all available resources.
## License ## License

File diff suppressed because one or more lines are too long

View file

@ -260,7 +260,7 @@ func Calibrate(timeout time.Duration, memMiBytes int, params Params) (Params, er
var again bool var again bool
memBytes := memMiBytes << 20 memBytes := memMiBytes << 20
// If we'd use more memory then the allowed, we can tune the memory usage // If we'd use more memory then the allowed, we can tune the memory usage
for 128*p.R*p.N > memBytes { for 128*int64(p.R)*int64(p.N) > int64(memBytes) {
if p.R > 1 { if p.R > 1 {
// by lowering r // by lowering r
p.R-- p.R--

View file

@ -23,11 +23,11 @@ var testParams = []struct {
{true, Params{1048576, 8, 2, 64, 128}}, {true, Params{1048576, 8, 2, 64, 128}},
{false, Params{-1, 8, 1, 16, 32}}, // invalid N {false, Params{-1, 8, 1, 16, 32}}, // invalid N
{false, Params{0, 8, 1, 16, 32}}, // invalid N {false, Params{0, 8, 1, 16, 32}}, // invalid N
{false, Params{1 << 31, 8, 1, 16, 32}}, // invalid N {false, Params{1<<31 - 1, 8, 1, 16, 32}}, // invalid N
{false, Params{16384, 0, 12, 16, 32}}, // invalid R {false, Params{16384, 0, 12, 16, 32}}, // invalid R
{false, Params{16384, 8, 0, 16, 32}}, // invalid R > maxInt/128/P {false, Params{16384, 8, 0, 16, 32}}, // invalid R > maxInt/128/P
{false, Params{16384, 1 << 24, 1, 16, 32}}, // invalid R > maxInt/256 {false, Params{16384, 1 << 24, 1, 16, 32}}, // invalid R > maxInt/256
{false, Params{1 << 31, 8, 0, 16, 32}}, // invalid p < 0 {false, Params{1<<31 - 1, 8, 0, 16, 32}}, // invalid p < 0
{false, Params{4096, 8, 1, 5, 32}}, // invalid SaltLen {false, Params{4096, 8, 1, 5, 32}}, // invalid SaltLen
{false, Params{4096, 8, 1, 16, 2}}, // invalid DKLen {false, Params{4096, 8, 1, 16, 2}}, // invalid DKLen
} }