Skip to main content

Last Call Review of draft-josefsson-scrypt-kdf-03
review-josefsson-scrypt-kdf-03-secdir-lc-salowey-2015-09-17-00

Request Review of draft-josefsson-scrypt-kdf
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-09-07
Requested 2015-08-13
Authors Colin Percival , Simon Josefsson
Draft last updated 2015-09-17
Completed reviews Genart Last Call review of -03 by Paul Kyzivat (diff)
Genart Telechat review of -04 by Paul Kyzivat (diff)
Secdir Last Call review of -03 by Joseph A. Salowey (diff)
Assignment Reviewer Joseph A. Salowey
State Completed
Review review-josefsson-scrypt-kdf-03-secdir-lc-salowey-2015-09-17
Reviewed revision 03 (document currently at 05)
Result Has Issues
Completed 2015-09-17
review-josefsson-scrypt-kdf-03-secdir-lc-salowey-2015-09-17-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors
and document authors.

I think this document is ready with issues.   The document describes a password
to key function, scrypt, based on memory hard functions to make it more
expensive and difficult to develop specialized hardware to obtain the password
from a recovered key.  I'd like to see this document published.  A few issues
are listed below.

First, I think Paul Kyzivat's GenArt review.

http://mailarchive.ietf.org/arch/msg/gen-art/fToZiioHo-6x5ZRQWNcTr-aUYVk

, raised some points that could help the readability of the document.

Second, the script algorithm has several parameters, but the document has very
little discussion on how to choose those parameters or what they affect (this
is also pointed out in Paul's message).  It would be good to have some
discussion or guidance for parameter selection in the security considerations.

Cheers,

Joe