[issue39979] Cannot tune scrypt with large enough parameters
Gle
report at bugs.python.org
Mon Mar 16 12:17:28 EDT 2020
New submission from Gle <glen at lambda.casa>:
I can use scrypt KDF with the cryptography module
https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt
with large parameters (n=2**20, r=16, p=1)
On the other hand, using scrypt KDF from hashlib with the same parameters yields "Invalid combination of n, r, p, maxmem" (I use maxmem=0).
Shouldn't they behave the same ? As they both seem to be wrappers around OpenSSL ?
I've also included a set of functioning parameters as hashlib's scrypt works fine on small parameter values.
Notice that the output from hashlib's scrypt is different than the output from the cryptography module. Shouldn't they be the same ? (I'm no cryptography expert)
I would really like to be able to use scrypt for hardened password hashing using only python standard library's hashlib. Maybe I'm missing something ?
Python is great ! Thanks for all the good work !
----------
components: Library (Lib)
files: compare.py
messages: 364334
nosy: Gle, christian.heimes, gregory.p.smith
priority: normal
severity: normal
status: open
title: Cannot tune scrypt with large enough parameters
type: crash
versions: Python 3.8
Added file: https://bugs.python.org/file48977/compare.py
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39979>
_______________________________________
More information about the Python-bugs-list
mailing list