by trapperkeeper74
3185 days ago
Scrypt is tweakable for RAM and runtime constraints. From that PBKDF, it would make sense to use something like HMAC-SHA2 with another magic nonce, and then private information plus previous PBKDF output hash together as the authenticated part. If you want to get really tricky, add another random secret hash. And, they probably should’ve used HMAC-SHA2 to derive the public primary index key instead of a hash function directly.
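One reading of the construction described in the comment above, as an added example that is not the commenter's code or the code of the system under discussion: scrypt with its cost parameters exposed, then HMAC-SHA256 keyed with the scrypt output to derive a lookup index and to authenticate private data. The labels, function names, and message layout are assumptions made for illustration.

```python
import hashlib
import hmac

def stretch(secret: bytes, salt: bytes, n: int = 2**14, r: int = 8, p: int = 1) -> bytes:
    """scrypt output; RAM use is roughly 128 * n * r bytes, runtime grows with n * r * p."""
    return hashlib.scrypt(secret, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=32)

def subkey(master: bytes, label: bytes) -> bytes:
    """Domain-separated subkey: HMAC-SHA256 keyed with the scrypt output."""
    return hmac.new(master, label, hashlib.sha256).digest()

def index_key(master: bytes) -> bytes:
    """Public lookup index derived with HMAC rather than a bare hash of the master."""
    return subkey(master, b"example/index-key/v1")  # label is an assumption

def auth_tag(master: bytes, nonce: bytes, private_info: bytes) -> bytes:
    """Tag over nonce, a hash of the PBKDF output, and the private data."""
    key = subkey(master, b"example/auth-key/v1")  # label is an assumption
    # Length-prefix the nonce so (nonce, data) pairs cannot be re-split.
    msg = (len(nonce).to_bytes(2, "big") + nonce
           + hashlib.sha256(master).digest() + private_info)
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(master: bytes, nonce: bytes, private_info: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag against the supplied one."""
    return hmac.compare_digest(auth_tag(master, nonce, private_info), tag)

if __name__ == "__main__":
    # Constructed sample inputs; a real salt and nonce would be random per record.
    master = stretch(b"correct horse battery staple", b"constructed-salt")
    nonce = b"constructed-nonce"
    tag = auth_tag(master, nonce, b"private record")
    print("index:", index_key(master).hex())
    print("tag ok:", verify(master, nonce, b"private record", tag))
    print("tampered ok:", verify(master, nonce, b"private recorD", tag))
```

Because the index and the authentication key come from different HMAC labels, publishing the index reveals nothing usable about the key that protects the private data.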