問題描述
我正在使用 Java scrypt 庫 來存儲密碼.當我加密事物時,它需要一個 N、r 和 p 值,其文檔將其稱為CPU 成本"、內存成本""和并行化成本"參數.唯一的問題是,我實際上并不知道它們的具體含義,或者對它們有什么好的價值;也許它們以某種方式對應于 Colin Percival 的原始應用程序 上的 -t、-m 和 -M 開關?
I'm using a Java scrypt library for password storage. It calls for an N, r and p value when I encrypt things, which its documentation refers to as "CPU cost", "memory cost" and "parallelization cost" parameters. Only problem is, I don't actually know what they specifically mean, or what good values would be for them; perhaps they correspond somehow to the -t, -m and -M switches on Colin Percival's original app?
有人對此有什么建議嗎?庫本身列出了 N = 16384, r = 8 和 p = 1,但我不知道這是強還是弱還是什么.
Does anyone have any suggestions for this? The library itself lists N = 16384, r = 8 and p = 1, but I don't know if this is strong or weak or what.
推薦答案
作為開始:
cpercival 在 2009 年的幻燈片中提到 周圍的東西
cpercival mentioned in his slides from 2009 something around
- (N = 2^14, r = 8, p = 1) 對于 <100 毫秒(交互式使用),并且
- (N = 2^20, r = 8, p = 1) 對于 <5s(敏感存儲).
即使在今天(2012 年 9 月),這些值對于一般用途(某些 WebApp 的密碼數據庫)也足夠好.當然,具體取決于應用程序.
These values happen to be good enough for general use (password-db for some WebApp) even today (2012-09). Of course, specifics depend on the application.
此外,這些值(大部分)意味著:
Also, those values (mostly) mean:
N:一般工作因子,迭代次數.r:用于底層哈希的塊大小;微調相對內存成本.p:并行化因子;微調相對 CPU 成本.
N: General work factor, iteration count.r: blocksize in use for underlying hash; fine-tunes the relative memory-cost.p: parallelization factor; fine-tunes the relative cpu-cost.
r 和 p 旨在解決 CPU 速度、內存大小和帶寬未按預期增加的潛在問題.如果 CPU 性能提高得更快,則增加 p,如果內存技術的突破提供一個數量級的改進,則增加 r.N 可以跟上每某些時間跨度的一般性能翻倍.
r and p are meant to accommodate for the potential issue that CPU speed and memory size and bandwidth do not increase as anticipated. Should CPU performance increase faster, you increase p, should instead a breakthrough in memory technology provide an order of magnitude improvement, you increase r. And N is there to keep up with the general doubling of performance per some timespan.
重要提示:所有值都會改變結果.(已更新:)這就是為什么所有 scrypt 參數都存儲在結果字符串中的原因.
Important: All values change the result. (Updated:) This is the reason why all scrypt parameters are stored in the result string.
這篇關于什么是最佳 scrypt 工作因素?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!