Has anyone besides yourself yet vetted this 'key derivation function' (and perhaps you wouldn't mind shortly explaining the difference between a KDF and a cryptographic hash function)?
> Has anyone besides yourself yet vetted this 'key derivation function'
Not yet.
> perhaps you wouldn't mind shortly explaining the difference between a KDF and a cryptographic hash function
Cryptographic hash functions produce fixed-length collision-resistant output, ideally as fast as possible. KDFs can normally produce arbitrary lengths of output, and don't need to be fast -- in fact, being fast is a disadvantage, since secure KDFs are expensive to compute (because they need to resist brute-force attacks).
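The distinction drawn in the comment above, as an added example that is not part of the thread or of scrypt's own code: SHA-256 always returns 32 bytes quickly, while scrypt returns whatever length is requested and makes each password guess expensive. The password, salt and cost parameters (n, r, p) are constructed values chosen for illustration.

```python
import hashlib
import time

# Constructed sample inputs for illustration (not taken from the thread).
PASSWORD = b"correct horse battery staple"
SALT = b"constructed-salt"


def fast_hash(password: bytes, salt: bytes = SALT) -> bytes:
    """Cryptographic hash: always 32 bytes, built to be as fast as possible."""
    return hashlib.sha256(salt + password).digest()


def slow_kdf(password: bytes, length: int, salt: bytes = SALT) -> bytes:
    """scrypt as a KDF: caller picks the output length; cost is deliberate.

    n, r, p are assumed example cost parameters (about 16 MiB of memory).
    """
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=length)


def seconds_per_guess(derive, guess_count: int = 10) -> float:
    """Average time an attacker pays to test one candidate password."""
    guesses = [b"guess-%d" % i for i in range(guess_count)]
    start = time.perf_counter()
    for guess in guesses:
        derive(guess)
    return (time.perf_counter() - start) / guess_count


if __name__ == "__main__":
    print("sha256 output bytes:", len(fast_hash(PASSWORD)))
    for length in (16, 32, 100):
        print("scrypt output bytes:", len(slow_kdf(PASSWORD, length)))
    t_hash = seconds_per_guess(fast_hash)
    t_kdf = seconds_per_guess(lambda g: slow_kdf(g, 32))
    print(f"per guess: sha256 {t_hash:.2e}s, scrypt {t_kdf:.2e}s")
```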
I appreciate your scepticism, but you might do some homework before revealing or announcing ignorance. cperciva is well-known in the relevant fields, and while it may yet be that scrypt doesn't get widely adopted, it won't be because it's not a secure system.
> cperciva is well-known in the relevant fields, and while it may yet be that scrypt doesn't get widely adopted, it won't be because it's not a secure system.
I'm assuming what you meant to say is "it won't be because cperciva doesn't know what he's doing."
That's possibly a better way of phrasing it - thank you. Crypto is notoriously difficult, and it's clearly prudent to wait and see what others say, and how it works.
It actually misses my intended point, though. This forum is generally exceptional in the quality of its submissions and comments, which is what makes it even more annoying when someone says:
> I don't know this guy. Probably he is really famous (?), but ...
This amounts to saying "I don't know what I'm talking about, and I'm not going to bother doing any homework before making my ignorance known to you all ..."
No it doesn't. What I was saying is that the word of one person is not sufficient in such matters, no matter how famous the person. Hence there is (imo) no need to do homework on the popularity of the person. I could have done homework on the community opinion towards scrypt, however, I was commenting on the article (which did not cite any community opinions), not on the validity of scrypt. Therefore that kind of homework would not have been necessary in my opinion.
FWIW, I agree entirely that the word of one person isn't enough in matters of crypto and security. I probably agree entirely with most comments on the actual issues of security, etc.
However, it seemed to me from your original comment that you proclaimed ignorance and didn't do any homework. I feel that that is at odds with what is expected of this community.
I think no matter how well known the author, I would still wait a while. Everybody can make mistakes. Probably this scrypt thing has been tested to death by the community already, but the article doesn't give any references to such things, so how would I know?
IMO you're absolutely correct. It's generally frowned upon to select esoteric crypto algorithms of any type if another more widely tested one is available.
I have confidence in the author and high hopes for the algorithm but I believe it prudent to wait for the ink to dry before putting it anywhere it would matter. :)