[cryptography] Designing a key stretching crypto that maximize use of WebCrypto?
Fabio Pietrosanti (naif) - lists
lists at infosecurity.ch
Thu May 14 10:11:15 EDT 2015
On 5/14/15 2:29 PM, Jeffrey Walton wrote:
> Just bike shedding, but I don't think that's fair to WebCrypto.
> WebCrypto provides a standard set of primitives, like hahses. But the
> selected hashes are designed to be fast, and not slow or memory hard.
> So comparing a WebCrypto PBKDF based on SHA-X is akin to comparing
> apples and oranges.
I agree, i understand, but my point is as that given a specific
constraint (ie: waiting 10s for number crunching in a browser with some
JS code to do key-stretching) what's best?
b) design something new re-using existing fast
for the same 10s achieve a better security strength improvement ?
For example, can we achieve an scrypt-like approach re-using for the
most computational intensive operations the existing
native-crypto-primitives available from webcrypto?
> Also see https://lists.w3.org/Archives/Public/public-webapps/2015JanMar/0706.html.
Lovely, but that sounds like to be a long path. I will subscribe to the
mailing list and support it!
More information about the cryptography