From 841d17b212c1dde40b30da1c060e01b3a2f5fba8 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 15 Dec 2017 11:01:12 +0000
Subject: [PATCH] Set sane parameters for scrypt

---
 server/decrypt.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/server/decrypt.go b/server/decrypt.go
index 3ff37e37..81933558 100644
--- a/server/decrypt.go
+++ b/server/decrypt.go
@@ -1,14 +1,31 @@
 package server
 
 import (
+	"errors"
+
 	"github.com/miscreant/miscreant/go"
 	"golang.org/x/crypto/scrypt"
 )
 
+const (
+	scryptN = 32768
+	scryptR = 8
+	scryptP = 1
+	keyLen  = 64
+	saltLen = 32
+)
+
 func decrypt(data, pw []byte) ([]byte, error) {
+	// The KDF salt is prepended to the encrypted key.
+	if len(data) < saltLen {
+		return nil, errors.New("short data")
+	}
+	salt := data[:saltLen]
+	data = data[saltLen:]
+
 	// Apply the key derivation function to the password to obtain
 	// a 64 byte key.
-	dk, err := scrypt.Key(pw, nil, 16384, 1, 8, 64)
+	dk, err := scrypt.Key(pw, salt, scryptN, scryptR, scryptP, keySize)
 	if err != nil {
 		return nil, err
 	}
-- 
GitLab