[cryptography] Designing a key stretching crypto that maximize use of WebCrypto?

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Thu May 14 10:11:15 EDT 2015

On 5/14/15 2:29 PM, Jeffrey Walton wrote:
> Just bike shedding, but I don't think that's fair to WebCrypto.
> WebCrypto provides a standard set of primitives, like hahses. But the
> selected hashes are designed to be fast, and not slow or memory hard.
> So comparing a WebCrypto PBKDF based on SHA-X is akin to comparing
> apples and oranges.

I agree, i understand, but my point is as that given a specific
constraint (ie: waiting 10s for number crunching in a browser with some
JS code to do key-stretching) what's best?

a) an entirely non-native javascript based scrypt for 10s
b) design something new re-using existing fast
native-webcrypto-primitives with some non-native javascript code running
for the same 10s achieve a better security strength improvement ?

For example, can we achieve an scrypt-like approach re-using for the
most computational intensive operations the existing
native-crypto-primitives available from webcrypto?

> Also see https://lists.w3.org/Archives/Public/public-webapps/2015JanMar/0706.html.
Lovely, but that sounds like to be a long path. I will subscribe to the
mailing list and support it!


More information about the cryptography mailing list