scrypt: add comments on N check

paulmillr · Sep 1, 2024 · c10da92 · c10da92
1 parent 7c4098d
commit c10da92
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/scrypt.ts b/src/scrypt.ts
@@ -106,9 +106,12 @@ function scryptInit(password: Input, salt: Input, _opts?: ScryptOpts) {
     throw new Error('progressCb should be function');
   const blockSize = 128 * r;
   const blockSize32 = blockSize / 4;
+
+  // Max N is 2^32 (Integrify is 32-bit). Real limit is 2^22: JS engines Uint8Array limit is 4GB in 2024.
+  // Spec check `N >= 2 ** (blockSize / 8)` is not done for compat with popular libs,
+  // which used incorrect r: 1, p: 8. Also, the check seems to be a spec error:
+  // https://www.rfc-editor.org/errata_search.php?rfc=7914
   if (N <= 1 || (N & (N - 1)) !== 0 || N > 2 ** 32) {
-    // NOTE: we limit N to be less than 2**32 because of 32 bit variant of Integrify function
-    // There is no JS engines that allows alocate more than 4GB per single Uint8Array for now, but can change in future.
     throw new Error('Scrypt: N must be larger than 1, a power of 2, and less than 2^32');
   }
   if (p < 0 || p > ((2 ** 32 - 1) * 32) / blockSize) {