3

I'm trying to mimic in Go the functionality that is available in a Python library (https://pypi.org/project/scrypt/) for decrypting a scrypt-generated digest (given the correct password).

It seems the Go library only provides one function for encrypting data, whereas this Python library provides not only that but also a way to reverse/decrypt the digest, as well as a function for using scrypt as a simpler one-way hash function.

I'm not a security expert, nor do I understand maths/numbers, so I feel like trying to replicate that Python library is beyond my understanding. I presume it's possible to do because the Python library appears to have achieved it.

Does anyone know where I would even start on approaching this problem? Or would anyone be gracious enough with their time to provide some form of example code to help me?

Thanks.

Update

The scrypt function is fundamentally a hash function. It uses a password as a way to derive a digest: meaning, there should be no way for the original message (the message that was hashed) to be retrieved.

So with that understanding in place, it makes sense that Golang's interface for scrypt doesn't support any function such as decrypt. But then how is py-scrypt's decrypt function working?

Well, if I look back at https://www.tarsnap.com/scrypt.html it states that the scrypt executable provides an "encryption utility"...

A simple password-based encryption utility is available as a demonstration of the scrypt key derivation function. The scrypt utility can be invoked as scrypt enc infile [outfile] to encrypt data (if outfile is not specified, the encrypted data is written to the standard output), or as scrypt dec infile [outfile] to decrypt data (if outfile is not specified, the decrypted data is written to the standard output).

...and upon checking py-scrypt I see it embeds a version of the scrypt executable, meaning py-scrypt is calling the executable's enc and dec functions.

So although I don't necessarily know how tarsnap's encryption utility is built and what it's doing under the covers (e.g. what actual encryption algorithm is being utilised), the fact is that scrypt is only really designed as a key derivation function and that digest output is used by those additional tarsnap functions in such a way as to support encryption/decryption.

Integralist
  • `scrypt` is not really intended to be used as an encryption suite, the `encrypt/decrypt` are there just as a demonstration (although used by `tarsnap`). You should use `scrypt` for the things it does best - key derivation - and leave the encryption for algorithms designed for it, like AES. Golang's `scrypt` interface is perfectly capable for the former and if you intend to use encrypt/decrypt `scrypt` facilities you'll either have to wrap the `scrypt` library itself or invoke the `scrypt` binary through `os/exec`. – zwer May 18 '18 at 12:45
  • @Integralist a link to the Golang `scrypt` function would help the question. – zaph May 18 '18 at 13:57

1 Answer

4

There is no decryption of scrypt, only validation.

What the scrypt decrypt function does is take a password and a password hash created by the encrypt function and validate it by performing the same operation on the password that the encrypt function did and then comparing the two hashes.

Check the Golang documentation for their verification function name and usage.

scrypt does not decrypt; that is a misnomer by a developer who was lacking understanding. It is not even encryption, it is a cryptographic hash function from which the original input cannot be obtained.

zaph
  • Hi @zaph, thanks for your response. I'm interested to understand what it is that py-scrypt is doing with its 'decrypt' function if there is no such supported feature in scrypt (see py-scrypt's decrypt source code here: https://bitbucket.org/mhallin/py-scrypt/src/a0801ed84b4e274d28edcfb547d52030bd5df331/scrypt/scrypt.py?at=default&fileviewer=file-view-default#scrypt.py-141:188). I've tested that library function and it indeed is able to accept a digest/hash (a digest that was produced by scrypt), along with a password, and it'll return the original unencrypted message – Integralist May 21 '18 at 07:20
  • The `decrypt` function is badly named with bad documentation, **do not use** code that does not even describe what it does! From the docs: 1. From these, one can make a simple password verifier using the following functions: `def hash_password(password, maxtime=0.5, datalength=64):` and `def verify_password(hashed_password, guessed_password, maxtime=0.5)`. Use these functions. 2. Also note that it does not really perform decryption from the error message: "scrypt.error: decrypting file would take too long". – zaph May 21 '18 at 08:21
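
The derive-and-compare flow discussed in this thread, as an added example that is not part of the original posts and is not py-scrypt's code or file format. It uses `hashlib.scrypt` from the Python standard library; the `$`-separated record layout, the cost parameters and the function bodies are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters and record layout (not from the page or py-scrypt).
N, R, P, DKLEN = 2**14, 8, 1, 32


def derive(password: bytes, salt: bytes, n=N, r=R, p=P, dklen=DKLEN) -> bytes:
    # One-way: the same password, salt and parameters always give the same
    # bytes, and nothing recovers the password from them.
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=dklen)


def hash_password(password: str) -> str:
    # A fresh random salt per record; salt and parameters are stored in the
    # clear because the verifier needs them to repeat the derivation.
    salt = os.urandom(16)
    digest = derive(password.encode(), salt)
    fields = ["scrypt", str(N), str(R), str(P),
              base64.b64encode(salt).decode(), base64.b64encode(digest).decode()]
    return "$".join(fields)


def verify_password(record: str, guess: str) -> bool:
    # Re-derive from the guess with the stored salt/parameters, then compare.
    try:
        tag, n, r, p, salt_b64, digest_b64 = record.split("$")
        if tag != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = derive(guess.encode(), salt, int(n), int(r), int(p), len(expected))
    except (ValueError, OverflowError):
        return False  # malformed record or unusable parameters
    return hmac.compare_digest(candidate, expected)  # constant-time compare


if __name__ == "__main__":
    record = hash_password("correct horse")  # constructed sample password
    print(record)
    print(verify_password(record, "correct horse"), verify_password(record, "wrong"))
```

In Go the same flow maps onto `scrypt.Key(password, salt, N, r, p, keyLen)` from `golang.org/x/crypto/scrypt` followed by `subtle.ConstantTimeCompare`. Encrypting data instead means passing the derived bytes as the key to a cipher such as AES.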