|
|
|
|
|
|
by technion
3200 days ago
|
|
|
> The post also mentions a "non-approved KDF" elsewhere, but doesn't say what it is. Reading the source code, it appears to be a continuation of the theme of complaints against scrypt. Z1, Z2 = scrypt(S, password) # split 256-bit output into two halves
Honestly what's wrong here is not that the assertions are debatable, but the way it goes on the attack, calling people who apparently knew what they were doing "rookies" and such. |
|
|