Submitted an erratum to RFC7914 for the definition of Integerify. I suspect that whoever coded the reference implementation of scrypt didn't want to deal with the hassle of using bignums and just grabbed 4 bytes out of the middle of the octet string as placeholder code, then forgot to go back and fix it before turning it loose on the world.
It will be interesting to see what happens. Ideally, the standard should express, correctly, what the code should do, and not be an apologist for what extant code actually does. But if my suspicion above is correct, then both the RFC and all extant code needs to be corrected.
There would have to be a new version, say scrypt2, because the original code's results are embedded everywhere. Just for one huge example, the litecoin blockchain.
Back to blog or home page
last updated 2021-03-05 09:46:40. served from tektonic.jcomeau.com