@bascule how can one actually use scrypt and rbnacl to verify if a entered password is correct?
-
-
@bascule so its ok to store the secret_key unencrypted for a RbNaCl::SimpleBox? oO -
@Asmod4n if you're actually using scrypt as a KDF but want to know you have the right key, you could hash the derived key and check that -
@bascule Oh, yes! That should also be good against timing attacks :) -
@Asmod4n I'm doing something similar in https://github.com/cryptosphere/confusion … but using PBKDF2 so I have JRuby support -
@bascule looked through it, private keys as url params :? -
@Asmod4n yeah, the goal is to represent as much as possible as URIs -
@bascule oh, only had a small mind twist, though https headers can’t be encrypted, but that was compression -,-
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.