Scrypt是一种基于时间-内存权衡的加密算法,旨在通过平衡计算和内存使用来抵御大规模并行攻击。它在生成衍生密钥时需要大量内存,以防止攻击者通过减少内存需求来加速计算。算法参数包括Passphrase、Salt、N、p、dkLen、r和hLen。Scrypt被广泛应用于加密货币如莱特币中,以提高安全性。
看了一圈觉得还是WikiPedia的比较通俗靠谱:
Overview
The large memory requirements of scrypt come from a large vector of pseudorandom bit strings that are generated as part of the algorithm. Once the vector is generated, the elements of it are accessed in a pseudo-random order and combined to produce the derived key. A straightforward implementation would need to keep the entire vector in RAM so that it can be accessed as needed.
Because the elements of the vector are generated algorithmically, each element could be generated on the fly as needed, only storing one element in memory at a time and therefore cutting the memory requirements significantly. However, the generation of each element is intended to be computationally expensive, and the elements are expected to be accessed many times throughout the execution of the function. Thus there is a significant trade-off in speed in order to get rid of the large memory requirements.
This sort of time–memory trade-off often exists in computer algorithms: speed can be increased at the cost of using more memory, or memory requirements decreased at the cost of performing more operations and taking longer. The idea behind scrypt is to deliberately make this trade-off costly in either direction. Thus an attacker could use an implementation that doesn’t require many resources (and can therefore be massively parallelized with limited expense) but runs very slowly, or use an implementation that runs more quickly but has very large memory requirements and is therefore more expensive to parallelize.
Algorithm
The algorithm includes the following parameters:
- Passphrase - The string of characters to be hashed.
- Salt - A strin
最低0.47元/天 解锁文章
扫一扫
5344
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
