Java: Bouncy Castle scrypt implementation

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Java: Bouncy Castle scrypt implementation

Marek Puchalski
Hello List,

I have recently found out that Bouncy Castle provides its own scrypt implementation. It was a bit unexpected. I have used Wikipedia [1] to get an overview over the scrypt providers. Bouncy Castle was not mentioned there.

The class is not documented (no javadoc), the only comments I have found in code are two TODOs [2].

Finding code examples from someone actually using this implementation are also rare. I haven't seen scrypt being provided as a service over the JCA API either.

I have following questions:
1. Is the provided scrypt a 'real thing'? I'd love to use the class, but I have mixed emotions about the state of code and the documentation of the class.
2. Is it possible to use scrypt over the JCA provider API, or should I call the method directly as it is static anyway?

Best regards,
Marek Puchalski

PS. I have also asked a similar question on stack overflow [3].


[1] http://en.wikipedia.org/wiki/Scrypt#Implementations.2C_wrappers.2C_and_distributions
[2] http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcprov-jdk15on/1.47/org/bouncycastle/crypto/generators/SCrypt.java
[3] http://stackoverflow.com/questions/22226867/bouncy-castle-scrypt-implementation
Reply | Threaded
Open this post in threaded view
|

Re: Java: Bouncy Castle scrypt implementation

Philipp Heckel

I second that. I'd also be interested in using scrypt -- and I had the same reservations.

On 2014-03-07 15:05, Marek Puchalski wrote:

Hello List,

I have recently found out that Bouncy Castle provides its own scrypt implementation. It was a bit unexpected. I have used Wikipedia [1] to get an overview over the scrypt providers. Bouncy Castle was not mentioned there.

The class is not documented (no javadoc), the only comments I have found in code are two TODOs [2].

Finding code examples from someone actually using this implementation are also rare. I haven't seen scrypt being provided as a service over the JCA API either.

I have following questions:
1. Is the provided scrypt a 'real thing'? I'd love to use the class, but I have mixed emotions about the state of code and the documentation of the class.
2. Is it possible to use scrypt over the JCA provider API, or should I call the method directly as it is static anyway?

Best regards,
Marek Puchalski

PS. I have also asked a similar question on stack overflow [3].


[1] http://en.wikipedia.org/wiki/Scrypt#Implementations.2C_wrappers.2C_and_distributions
[2] http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcprov-jdk15on/1.47/org/bouncycastle/crypto/generators/SCrypt.java
[3] http://stackoverflow.com/questions/22226867/bouncy-castle-scrypt-implementation

 

 
Reply | Threaded
Open this post in threaded view
|

Re: Java: Bouncy Castle scrypt implementation

Tim Whittington-2
Yes the scrypt implementation is a real thing - that is to say the code is there, and it passes the official test vectors.

A couple of caveats: the implementation doesn’t exploit all parallelism/optimisations that password crackers will, so there’s a bit of defender/attacker asymmetry.
Scrypt is also based on the Salsa20 code function, and Salsa20 performs relatively poorly in Java (on par with AES) while performing awesomely (maybe 4-5x quicker) on platforms with SIMD capabilities.

Scrypt isn’t exposed by the BC JCE provider - perhaps I’d say because the JCE only has very primitive expressions of a cost function for PBE (in the form of an interation count).
Scrypt has two cost parameters, so it can’t be trivially forced into that API.

If there’s enough demand I guess it could be exposed through JCE with a hard-coded parallelisation parameter or a BC specific parameter spec.

cheers
tim


On 8/03/2014, at 3:26 am, Philipp Heckel <[hidden email]> wrote:

I second that. I'd also be interested in using scrypt -- and I had the same reservations.

On 2014-03-07 15:05, Marek Puchalski wrote:

Hello List,

I have recently found out that Bouncy Castle provides its own scrypt implementation. It was a bit unexpected. I have used Wikipedia [1] to get an overview over the scrypt providers. Bouncy Castle was not mentioned there.

The class is not documented (no javadoc), the only comments I have found in code are two TODOs [2].

Finding code examples from someone actually using this implementation are also rare. I haven't seen scrypt being provided as a service over the JCA API either.

I have following questions:
1. Is the provided scrypt a 'real thing'? I'd love to use the class, but I have mixed emotions about the state of code and the documentation of the class.
2. Is it possible to use scrypt over the JCA provider API, or should I call the method directly as it is static anyway?

Best regards,
Marek Puchalski

PS. I have also asked a similar question on stack overflow [3].


[1] http://en.wikipedia.org/wiki/Scrypt#Implementations.2C_wrappers.2C_and_distributions
[2] http://grepcode.com/file/repo1.maven.org/maven2/org.bouncycastle/bcprov-jdk15on/1.47/org/bouncycastle/crypto/generators/SCrypt.java
[3] http://stackoverflow.com/questions/22226867/bouncy-castle-scrypt-implementation