by microcolonel 3199 days ago
Also note: scrypt ends with a PBKDF2 round, so if PBKDF2 is acceptable then scrypt may not actually be a problem. Legally speaking you might be able to ignore the use of the SMIX (including Salsa20) and the HMAC entirely as long as the final PBKDF2 uses a FIPS 140-2 acceptable hash function.
2 comments

"OMG, you're totally right - if only the OP knew that scrypt ends with pbkdf2.."

Um, no. But thanks for playing. For those who wish to argue that everything that precedes PBKDF2 in scrypt should be considered as "key extraction", you should read NIST SP800-56c, also referenced by FIPS-140-2 Annex-D (tldr: scrypt does not fly). Welcome to USG infosec compliance.

Exactly this. If you believe so strongly in HMAC-SHA256, well rest assured it's in there.