From SQRLauth.net
Jump to: navigation, search

EnScrypt is a memory hard Password Based Key Derivation Function (PBKDF) in which we chain multiple iterations of Scrypt in a manner similar to PBKDF2.

Scrypt requires a large amount of memory (more than the processor's cache), forcing the computer to use slower RAM. This makes it extremely resistant to brute force attacks, even those using dedicated hardware. By chaining multiple EnScrypt iterations, we can control the amount of time required to derive the key, using more iterations for a stronger key. We call the resulting function EnScrypt. More details are available here.

Enscrypt is used in SQRL to protect the user's Identity Keys when they are stored on disk. See Secure Storage System for the details.

Scrypt Parameters

For SQRL, we've settled on some standard parameters to provide the level of security we require:

  • Output = 32 bytes
  • p = 1
  • N = 512 ( 1<<9 )
  • r = 256