Merge pull request #1148 from restic/update-simple-scrypt
Lock simple-scrypt library to master branch
commit
6724b9a583
7 changed files with 148 additions and 20 deletions
6
Gopkg.lock
generated
6
Gopkg.lock
generated
|
@ -14,10 +14,10 @@
|
||||||
version = "v1.0.6"
|
version = "v1.0.6"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
|
branch = "master"
|
||||||
name = "github.com/elithrar/simple-scrypt"
|
name = "github.com/elithrar/simple-scrypt"
|
||||||
packages = ["."]
|
packages = ["."]
|
||||||
revision = "47767683c6c880a9f89e48d376c70de7f5268951"
|
revision = "6724715de445c2e70cdafb7a1a14c8cfe0984210"
|
||||||
version = "v1.1"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
name = "github.com/go-ini/ini"
|
name = "github.com/go-ini/ini"
|
||||||
|
@ -142,6 +142,6 @@
|
||||||
[solve-meta]
|
[solve-meta]
|
||||||
analyzer-name = "dep"
|
analyzer-name = "dep"
|
||||||
analyzer-version = 1
|
analyzer-version = 1
|
||||||
inputs-digest = "10287830033309dd91c5e7e381e1a56cd3bf135fd4e776954232c404c39be210"
|
inputs-digest = "0783f6c5ff3952c10a8ea9ba5e80dcc816e95f9934983b772764b867d9be7eb8"
|
||||||
solver-name = "gps-cdcl"
|
solver-name = "gps-cdcl"
|
||||||
solver-version = 1
|
solver-version = 1
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/elithrar/simple-scrypt"
|
name = "github.com/elithrar/simple-scrypt"
|
||||||
version = "1.1.0"
|
branch = "master"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/kurin/blazer"
|
name = "github.com/kurin/blazer"
|
||||||
|
|
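Review bot: Replacing `version = "1.1.0"` with `branch = "master"` in the simple-scrypt constraint (this hunk looks like Gopkg.toml, though its file header is not shown on the page) makes a password-hashing dependency track a moving branch, and nothing here records why. Gopkg.lock still pins revision 6724715de445c2e70cdafb7a1a14c8cfe0984210, so builds stay reproducible, but the next `dep ensure -update` will take whatever the branch tip is at that moment, with no version change to flag it for review. I would add a comment above the constraint such as `# tracking master until upstream tags a release containing the needed fix; switch back to a version constraint then`, and treat any later change to the locked revision as a vendored-code review. The motive appears to be the int64 change in Calibrate that this commit vendors; that is inferred from the page, not stated in the description.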
17
vendor/github.com/elithrar/simple-scrypt/.travis.yml
generated
vendored
17
vendor/github.com/elithrar/simple-scrypt/.travis.yml
generated
vendored
|
@ -1,13 +1,16 @@
|
||||||
language: go
|
language: go
|
||||||
|
|
||||||
sudo: false
|
sudo: false
|
||||||
|
|
||||||
go:
|
go:
|
||||||
- 1.2
|
- 1.2
|
||||||
- 1.3
|
- 1.3
|
||||||
- 1.4
|
- 1.4
|
||||||
- 1.5
|
- 1.5
|
||||||
- tip
|
- 1.6
|
||||||
install:
|
- 1.7
|
||||||
- go get golang.org/x/tools/cmd/vet
|
- tip
|
||||||
|
|
||||||
script:
|
script:
|
||||||
- go get -t -v ./...
|
- go get -t -v ./...
|
||||||
- diff -u <(echo -n) <(gofmt -d -s .)
|
- diff -u <(echo -n) <(gofmt -d -s .)
|
||||||
|
|
57
vendor/github.com/elithrar/simple-scrypt/README.md
generated
vendored
57
vendor/github.com/elithrar/simple-scrypt/README.md
generated
vendored
|
@ -16,6 +16,14 @@ The API closely mirrors Go's [bcrypt](https://golang.org/x/crypto/bcrypt)
|
||||||
library in an effort to make it easy to migrate—and because it's an easy to grok
|
library in an effort to make it easy to migrate—and because it's an easy to grok
|
||||||
API.
|
API.
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
With a [working Go toolchain](https://golang.org/doc/code.html):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
go get -u github.com/elithrar/simple-scrypt
|
||||||
|
```
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
|
simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
|
||||||
|
@ -95,14 +103,51 @@ func main() {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## TO-DO:
|
## Automatically Determining Parameters
|
||||||
|
|
||||||
The following features are planned. PRs are welcome.
|
Thanks to the work by [tgulacsi](https://github.com/tgulacsi), you can have simple-scrypt
|
||||||
|
automatically determine the optimal parameters for you (time vs. memory). You should run this once
|
||||||
|
on program startup, as calibrating parameters can be an expensive operation.
|
||||||
|
|
||||||
- [x] Tag a release build.
|
```go
|
||||||
- [x] Automatically calculate "optimal" values for N, r, p similar [to the Ruby scrypt library](https://github.com/pbhogan/scrypt/blob/master/lib/scrypt.rb#L97-L146)
|
var params scrypt.Params
|
||||||
e.g. `func Calibrate(duration int, mem int, fallback Params) (Params, error)`
|
|
||||||
- contributed thanks to @tgulacsi.
|
func main() {
|
||||||
|
var err error
|
||||||
|
// 500ms, 64MB of RAM per hash.
|
||||||
|
params, err = scrypt.Calibrate(500*time.Millisecond, 64, Params{})
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
...
|
||||||
|
}
|
||||||
|
|
||||||
|
func RegisterUserHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
err := r.ParseForm()
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make sure you validate: not empty, not too long, etc.
|
||||||
|
email := r.PostFormValue("email")
|
||||||
|
pass := r.PostFormValue("password")
|
||||||
|
|
||||||
|
// Use our calibrated parameters
|
||||||
|
hash, err := scrypt.GenerateFromPassword([]byte(pass), params)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Save to DB, etc.
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Be aware that increasing these, whilst making it harder to brute-force the resulting hash, also
|
||||||
|
increases the risk of a denial-of-service attack against your server. A surge in authenticate
|
||||||
|
attempts (even if legitimate!) could consume all available resources.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|
80
vendor/github.com/elithrar/simple-scrypt/compositor.json
generated
vendored
Normal file
80
vendor/github.com/elithrar/simple-scrypt/compositor.json
generated
vendored
Normal file
File diff suppressed because one or more lines are too long
2
vendor/github.com/elithrar/simple-scrypt/scrypt.go
generated
vendored
2
vendor/github.com/elithrar/simple-scrypt/scrypt.go
generated
vendored
|
@ -260,7 +260,7 @@ func Calibrate(timeout time.Duration, memMiBytes int, params Params) (Params, er
|
||||||
var again bool
|
var again bool
|
||||||
memBytes := memMiBytes << 20
|
memBytes := memMiBytes << 20
|
||||||
// If we'd use more memory then the allowed, we can tune the memory usage
|
// If we'd use more memory then the allowed, we can tune the memory usage
|
||||||
for 128*p.R*p.N > memBytes {
|
for 128*int64(p.R)*int64(p.N) > int64(memBytes) {
|
||||||
if p.R > 1 {
|
if p.R > 1 {
|
||||||
// by lowering r
|
// by lowering r
|
||||||
p.R--
|
p.R--
|
||||||
|
|
4
vendor/github.com/elithrar/simple-scrypt/scrypt_test.go
generated
vendored
4
vendor/github.com/elithrar/simple-scrypt/scrypt_test.go
generated
vendored
|
@ -23,11 +23,11 @@ var testParams = []struct {
|
||||||
{true, Params{1048576, 8, 2, 64, 128}},
|
{true, Params{1048576, 8, 2, 64, 128}},
|
||||||
{false, Params{-1, 8, 1, 16, 32}}, // invalid N
|
{false, Params{-1, 8, 1, 16, 32}}, // invalid N
|
||||||
{false, Params{0, 8, 1, 16, 32}}, // invalid N
|
{false, Params{0, 8, 1, 16, 32}}, // invalid N
|
||||||
{false, Params{1 << 31, 8, 1, 16, 32}}, // invalid N
|
{false, Params{1<<31 - 1, 8, 1, 16, 32}}, // invalid N
|
||||||
{false, Params{16384, 0, 12, 16, 32}}, // invalid R
|
{false, Params{16384, 0, 12, 16, 32}}, // invalid R
|
||||||
{false, Params{16384, 8, 0, 16, 32}}, // invalid R > maxInt/128/P
|
{false, Params{16384, 8, 0, 16, 32}}, // invalid R > maxInt/128/P
|
||||||
{false, Params{16384, 1 << 24, 1, 16, 32}}, // invalid R > maxInt/256
|
{false, Params{16384, 1 << 24, 1, 16, 32}}, // invalid R > maxInt/256
|
||||||
{false, Params{1 << 31, 8, 0, 16, 32}}, // invalid p < 0
|
{false, Params{1<<31 - 1, 8, 0, 16, 32}}, // invalid p < 0
|
||||||
{false, Params{4096, 8, 1, 5, 32}}, // invalid SaltLen
|
{false, Params{4096, 8, 1, 5, 32}}, // invalid SaltLen
|
||||||
{false, Params{4096, 8, 1, 16, 2}}, // invalid DKLen
|
{false, Params{4096, 8, 1, 16, 2}}, // invalid DKLen
|
||||||
}
|
}
|
||||||
|
|