MANPAGE: scryptn: list how much memory is needed

Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ ,
and add benchmarks to double-check the numbers. They match.
This commit is contained in:
Jakob Unterwurzacher 2023-01-08 22:15:39 +01:00
parent 0b5b864a06
commit 88bc0aa607
2 changed files with 61 additions and 47 deletions

View File

@ -563,15 +563,44 @@ Quiet - silence informational messages.
Applies to: all actions. Applies to: all actions.
#### -scryptn int #### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are gocryptfs uses *scrypt* for hashing the password when mounting,
10 to 28, representing N=2^10 to N=2^28. which protects from brute-force attacks.
`-scryptn` controls the *scrypt* cost parameter "N" expressed as scryptn=log2(N).
Possible values are `-scryptn=10` to `-scryptn=28`, representing N=2^10 to N=2^28.
Setting this to a lower Setting this to a lower
value speeds up mounting and reduces its memory needs, but makes value speeds up mounting and reduces its memory needs, but makes
the password susceptible to brute-force attacks. The default is 16. the password susceptible to brute-force attacks. The default is 16.
The memory usage for *scrypt* during mounting is as follows:
scryptn Memory Usage
======= ============
10 1 MiB
11 2
12 4
13 8
14 16
15 32
16 64
17 128
18 256
19 512
20 1 GiB
21 2
22 4
23 8
24 16
25 32
26 64
27 128
28 256
Applies to: `-init`, `-passwd` Applies to: `-init`, `-passwd`
See also: the benchmarks in the gocryptfs source code in internal/configfile.
#### -trace string #### -trace string
Write execution trace to file. View the trace using "go tool trace FILE". Write execution trace to file. View the trace using "go tool trace FILE".

View File

@ -1,60 +1,45 @@
package configfile package configfile
import ( import (
"fmt"
"testing" "testing"
) )
/* /*
Results on a 2.7GHz Pentium G630: $ time go test -bench . -run none
goos: linux
gocryptfs/cryptfs$ go test -bench=. goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/configfile
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkScryptN/10-4 339 3488649 ns/op 1053167 B/op 22 allocs/op ... 3ms+1MiB
BenchmarkScryptN/11-4 175 6816072 ns/op 2101742 B/op 22 allocs/op
BenchmarkScryptN/12-4 87 13659346 ns/op 4198898 B/op 22 allocs/op
BenchmarkScryptN/13-4 43 27443071 ns/op 8393209 B/op 22 allocs/op
BenchmarkScryptN/14-4 21 56931664 ns/op 16781820 B/op 22 allocs/op
BenchmarkScryptN/15-4 10 108494502 ns/op 33559027 B/op 22 allocs/op
BenchmarkScryptN/16-4 5 217347137 ns/op 67113465 B/op 22 allocs/op ... 217ms+67MiB
BenchmarkScryptN/17-4 3 449680138 ns/op 134222362 B/op 22 allocs/op
BenchmarkScryptN/18-4 2 867481653 ns/op 268440064 B/op 22 allocs/op
BenchmarkScryptN/19-4 1 1738085333 ns/op 536875536 B/op 23 allocs/op
BenchmarkScryptN/20-4 1 3508224867 ns/op 1073746448 B/op 23 allocs/op
BenchmarkScryptN/21-4 1 9536561994 ns/op 2147488272 B/op 23 allocs/op
BenchmarkScryptN/22-4 1 16937072495 ns/op 4294971920 B/op 23 allocs/op
PASS PASS
BenchmarkScrypt10-2 300 6021435 ns/op ... 6ms ok github.com/rfjakob/gocryptfs/v2/internal/configfile 47.545s
BenchmarkScrypt11-2 100 11861460 ns/op
BenchmarkScrypt12-2 100 23420822 ns/op
BenchmarkScrypt13-2 30 47666518 ns/op
BenchmarkScrypt14-2 20 92561590 ns/op ... 92ms
BenchmarkScrypt15-2 10 183971593 ns/op
BenchmarkScrypt16-2 3 368506365 ns/op
BenchmarkScrypt17-2 2 755502608 ns/op ... 755ms
ok github.com/rfjakob/gocryptfs/v2/cryptfs 18.772s
*/ */
func benchmarkScryptN(n int, b *testing.B) { func BenchmarkScryptN(b *testing.B) {
for n := 10; n <= 20; n++ {
b.Run(fmt.Sprintf("%d", n), func(b *testing.B) {
benchmarkScryptN(b, n)
})
}
}
func benchmarkScryptN(b *testing.B, n int) {
kdf := NewScryptKDF(n) kdf := NewScryptKDF(n)
for i := 0; i < b.N; i++ { for i := 0; i < b.N; i++ {
kdf.DeriveKey(testPw) kdf.DeriveKey(testPw)
} }
} b.ReportAllocs()
func BenchmarkScrypt10(b *testing.B) {
benchmarkScryptN(10, b)
}
func BenchmarkScrypt11(b *testing.B) {
benchmarkScryptN(11, b)
}
func BenchmarkScrypt12(b *testing.B) {
benchmarkScryptN(12, b)
}
func BenchmarkScrypt13(b *testing.B) {
benchmarkScryptN(13, b)
}
func BenchmarkScrypt14(b *testing.B) {
benchmarkScryptN(14, b)
}
func BenchmarkScrypt15(b *testing.B) {
benchmarkScryptN(15, b)
}
func BenchmarkScrypt16(b *testing.B) {
benchmarkScryptN(16, b)
}
func BenchmarkScrypt17(b *testing.B) {
benchmarkScryptN(17, b)
} }