2

I've been using the library and I really like it, but from what I have read PBKDF2 is a bit more vulnerable to brute force attacks than bcrypt or scrypt. I came across this issue about adding scrypt support, but there doesn't seem to be a clear answer.

Ideally, I would like to simply drop in a replacement for the PBKDF2 functionality, but I'm not familiar enough with SJCL's inner workings to know if this is possible.

If it was possible, you could use something like this pure JS bcrypt implementation fairly easily I would imagine.

Dominic P
  • 2,284
  • 2
  • 27
  • 46

1 Answers1

3

Yes that is possible but needs more manual work. First you need to compile sjcl with scrypt:

./configure --with-scrypt
make

Then you will have to use scrypt to generate a key pair:

var salt = sjcl.random.randomWords(2,0);
var key = sjcl.misc.scrypt(password, salt);
var encrypted = sjcl.json.encrypt(key, original);
var decrypted = sjcl.json.decrypt(key, encrypted);
Nils
  • 251
  • 3
  • 13
  • Thanks for the very helpful answer. I'm going to give this a try later. Is there a way to set the number of rounds or work factor for scrypt? – Dominic P Mar 28 '16 at 04:46
  • Just for anyone else who finds this. Apparently, passing the second `0` argument to `sjcl.random.randomWords` is for testing purposes only and will [severely cripple](https://github.com/bitwiseshiftleft/sjcl/issues/77) the security of the resulting key. I'm not sure how much it matters in this context given that it is being used for a salt, but I will leave that to people more knowledgeable than me. – Dominic P Sep 01 '16 at 20:35
  • 2
    A salt, same as an IV has to only be non-repeating and not as random as a key, so `sjcl.random.randomWords` with the second argument 0 should be fine. It is also what sjcl uses internally for pbkdf2. – Nils Sep 02 '16 at 21:37
  • 2
    In regards of setting the work factor for scrypt, just look into the documentation in the scrypt file here: https://github.com/bitwiseshiftleft/sjcl/blob/master/core/scrypt.js – Nils Sep 02 '16 at 21:39
  • Thanks for the clarification. That is very helpful. – Dominic P Sep 03 '16 at 05:46