What are optimal scrypt work factors?
I'm using a Java scrypt library for password storage. It calls for an N, r and p value when I encrypt things, which its documentation refers to as "CPU cost", "memory cost" and "parallelization cost" parameters. Only problem is, I don't actually know what they specifically mean, or what good values would be for them; perhaps they correspond somehow to the -t, -m and -M switches on Colin Percival's original app?
Does anyone have any suggestions for this? The library itself lists N = 16384, r = 8 and p = 1, but I don't know if this is strong or weak or what.
Recommended answer
As a start:
cpercival mentioned in his slides from 2009 something around
- (N = 2^14, r = 8, p = 1) for <100ms (interactive use), and
- (N = 2^20, r = 8, p = 1) for <5s (sensitive storage).
These values happen to be good enough for general use (password-db for some WebApp) even today (2012-09). Of course, specifics depend on the application.
Also, those values (mostly) mean:
- N: General work factor, iteration count.
- r: blocksize in use for underlying hash; fine-tunes the relative memory-cost.
- p: parallelization factor; fine-tunes the relative cpu-cost.
r and p are meant to accommodate for the potential issue that CPU speed and memory size and bandwidth do not increase as anticipated. Should CPU performance increase faster, you increase p, should instead a breakthrough in memory technology provide an order of magnitude improvement, you increase r. And N is there to keep up with the general doubling of performance per some timespan.
Important: All values change the result. (Updated:) This is the reason why all scrypt parameters are stored in the result string.
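An added example, not part of the original answer and not the Java library's code: it uses Python's `hashlib.scrypt` to show why N, r and p are stored next to the hash, and how a stored record can be checked against a newer parameter policy. The `scrypt$N$r$p$salt$key` record layout and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

def scrypt_mem_bytes(n: int, r: int) -> int:
    """Approximate size of scrypt's main working array: 128 * N * r bytes."""
    return 128 * n * r

def derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # maxmem must exceed the working array or OpenSSL rejects the call.
    maxmem = scrypt_mem_bytes(n, r) + 128 * r * p + (1 << 20)
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)

def hash_password(password: str, n: int = 2**14, r: int = 8, p: int = 1) -> str:
    salt = os.urandom(16)
    key = derive(password, salt, n, r, p)
    b64 = lambda b: base64.b64encode(b).decode()
    # Hypothetical record layout: the parameters travel with the hash.
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(key)}"

def verify_password(password: str, record: str) -> bool:
    tag, n, r, p, salt, key = record.split("$")
    if tag != "scrypt":
        return False
    # Re-derive with the parameters recorded at hashing time, not today's defaults.
    actual = derive(password, base64.b64decode(salt), int(n), int(r), int(p))
    return hmac.compare_digest(actual, base64.b64decode(key))

def needs_rehash(record: str, n: int, r: int, p: int) -> bool:
    """True when a record was made with parameters other than the current policy."""
    return record.split("$")[1:4] != [str(n), str(r), str(p)]
```

Because each record carries its own parameters, raising N later only requires calling `needs_rehash` after a successful login and storing a fresh hash; older records keep verifying in the meantime.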