4

I am using scrypt in making an Android app and it takes a very long time to compute the hash. This is how I call it:

String hash = Base64.encodeToString(SCrypt.scrypt("password".getBytes(), "salt".toString().getBytes(), 16384, 16, 2, 128), Base64.DEFAULT);

And this is how I declared the dependency in Gradle:

compile group: 'com.lambdaworks', name: 'scrypt', version: '1.4.0'

It takes almost a minute to compute the hash on my Nexus 6P and that is of course, very slow. Does anyone have any idea on how this can be made much faster? I am new to this and hence, clueless on why it is so slow and how to speed it up.

zaph
  • 111,848
  • 21
  • 189
  • 228
pratnala
  • 3,723
  • 7
  • 35
  • 58
  • How can you tell with everything crammed into one line, that makes debugging and understanding a lot harder. Please provide a [mcve], all the other cruft does not apply to `script()`. You should be aiming for about 100ms. – zaph Jul 08 '16 at 03:03

1 Answers1

2

I think the SCrypt.scrypt()parameters should be optimized for your use cases.

Some numbers in this answer and this slide p17

(N = 2^14, r = 8, p = 1) for < 100ms (interactive use)

(N = 2^20, r = 8, p = 1) for < 5s (sensitive storage)

and the N,r,p meanings:

N: General work factor, iteration count.

r: blocksize in use for underlying hash; fine-tunes the relative memory-cost.

p: parallelization factor; fine-tunes the relative cpu-cost

So if you want less time, the N should be reduced. r and p is related to hardware, it need more runtime environment to adjust dynamically.

Community
  • 1
  • 1
sakiM
  • 4,832
  • 5
  • 27
  • 33
  • The time to perform a script operation is controlled by the value of `N` and the hardware it is run on. For slower hardware decrease the value of `N` to an acceptable time, ~100ms is a reasonable time vs security tradeoff. – zaph Jul 08 '16 at 14:14
  • So, is my phone just slow when it is taking a minute to compute? I don't mind a few seconds tbh. – pratnala Jul 08 '16 at 14:19
  • I don't think it will make your phone feel "slow" when computing this UNLESS you put it in ui-thread. You could refer to async task in android to improve user experience. – sakiM Jul 09 '16 at 00:47
  • I am sorry I am unable to understand. After I tap on the button to the compute, it take about 60-70 seconds to compute, which is evidently way too much time. How to speed it up? – pratnala Jul 09 '16 at 01:07
  • Have you decreased the number `16384` in `SCrypt.scrypt(...)` ? try 8000, 4000, 2000 instead and watch the speed and result – sakiM Jul 09 '16 at 01:28
  • Even using async task doesn't help speed it up though. I have seen other apps which use these parameters but are faster. What's the issue? – pratnala Aug 20 '16 at 22:22
  • I have this issue too. N is 2^14 but it takes long time (~60s) in some phones (Actually on all phones except mine :)) ) – Alireza Omidi Jul 02 '18 at 14:10
  • @AlirezaOmidi what are the whole params and scrypt text length? like r? [RFC7914](https://tools.ietf.org/html/rfc7914) example is no such a big N value. (The max N is 1048576) – sakiM Jul 09 '18 at 09:35
  • @sakiM I resolved the issue by just creating an `.apk` file and installing it. Using Run or Debug in Android Studio was the problem. I think there is a huge overhead in profiling the running app which Android Studio was doing. the parameters are OK (`N=16384`). – Alireza Omidi Jul 10 '18 at 13:22