|
Message-ID: <20240821161706.GA14488@openwall.com> Date: Wed, 21 Aug 2024 18:17:06 +0200 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com, yescrypt@...ts.openwall.com Subject: yescrypt-go 1.0.0 Hi, yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon scrypt, and our original implementation in C is able to compute native yescrypt hashes as well as classic scrypt. This original implementation is also integrated in libxcrypt, which exposes a subset of its functionality as used for password hashing on modern Linux distros. This is to announce the first release of yescrypt-go, which is our pure Go reimplementation of yescrypt. It currently supports (only a little more than) the subset of yescrypt parameters that libxcrypt can generate (as of libxcrypt 4.4.36), and it is also able to compute classic scrypt. yescrypt-go is available right on the main yescrypt homepage, as well as on GitHub as linked from there: https://www.openwall.com/yescrypt/ This release has been sponsored by Sandfly Security, provider of agentless Linux security and incident response: https://sandflysecurity.com/about-us/news/sandfly-5-1-1-important-performance-upgrade-and-yescrypt-support/ yescrypt-go builds upon Dmitry Chestnykh's implementation of scrypt in Go, integrates all Go x/crypto changes to it as of mid-2024, and finally adds my implementation of yescrypt (along with revision of the code shared with scrypt to make it also suitable for yescrypt). Dmitry has also helped review yescrypt-go to make it more idiomatic. The Go module currently exposes 3 functions: yescrypt.ScryptKey(), which is compatible with Go x/crypto scrypt.Key(), but may slightly differ in performance (in my testing is either the same or slightly faster, varying by parameter values) yescrypt.Key(), which computes the native yescrypt KDF (but is currently limited in what parameters it supports) yescrypt.Hash(), which computes a yescrypt hash encoding compatible with our C implementation's and libxcrypt's crypt(3), so it can be used for authentication against Linux distros' yescrypt password hashes The lighter feature set of yescrypt-go 1.0.0 compared to the C yescrypt, as well as its semantically separated git commits history, also make it useful as reference for initial implementations in other languages. The full yescrypt may look complicated, but yescrypt-go is now quite simple. yescrypt.go implementing the *Key() functions is 394 lines (345 loc), and yescrypt_wrapper.go implementing Hash() is 117 lines (103 loc). Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.