RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 7914, "The scrypt Password-Based Key Derivation Function", August 2016

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 5972
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Tobias Nießen
Date Reported: 2020-02-02

Section 5 says:

Input:
         r       Block size parameter.
         B       Input octet vector of length 128 * r octets.
         N       CPU/Memory cost parameter, must be larger than 1,
                 a power of 2, and less than 2^(128 * r / 8).

It should say:

Input:
         r       Block size parameter.
         B       Input octet vector of length 128 * r octets.
         N       CPU/Memory cost parameter, must be larger than 1,
                 and a power of 2.

Notes:

The presented limit on N was incorrectly derived from the original scrypt publication. The correct theoretical upper limit on N is 2^(128 * r) for r < 5, and 2^512 for all other values of r. Thus, the least upper bound is 2^128, which far exceeds all possible values for N in the foreseeable future, making the limit irrelevant for current implementations.

Report New Errata



Advanced Search