archive snowblossom slack dev
prev 2019-07-17 next
2019-07-17 19:03:20
Rotonen
how come scrypt?
2019-07-17 19:03:43
Fireduck
I like the tuning abilities
2019-07-17 19:03:47
Fireduck
but not really a big deal
2019-07-17 19:04:04
Rotonen
i'm not deep enough into the context, but litecoin miners are a thing
2019-07-17 19:04:10
Rotonen
a consideration?
2019-07-17 19:04:29
Fireduck
not a problem. It is mostly about just making it harder to crack the files, not impossible
2019-07-17 19:04:45
Rotonen
i'm assuming you're figuring out the key derivation cranking
2019-07-17 19:04:50
Fireduck
yeah
2019-07-17 19:05:11
Fireduck
My target is about 10 cpu seconds on modern systems
2019-07-17 19:06:11
Rotonen
do benchmark on a 9900K and on a ryzen 3600
2019-07-17 19:06:49
Rotonen
or with anything from the top ~10 https://www.cpubenchmark.net/singleThread.html Benchmarks of the single thread performance of CPUs. This chart comparing CPUs single thread performance is made using thousands of PerformanceTest benchmark results and is updated daily.
2019-07-17 19:09:12
Fireduck
my "unit" tests get slower and slower
2019-07-17 19:09:30
Rotonen
group them and run in parallel?
2019-07-17 19:09:52
Rotonen
or if they have proper setup/teardown isolation on all levels, just modulo-split them across cores
2019-07-17 19:10:05
Fireduck
as long as the entire suite takes less than 5 minutes, I'm not going to mess with it
2019-07-17 19:10:16
Rotonen
exceeding 5min is also my pain point
2019-07-17 19:10:18
Fireduck
bazel does each module separately
2019-07-17 19:10:22
Rotonen
10min requires immediate action
2019-07-17 19:10:36
Fireduck
currently at 60sec wall time
2019-07-17 19:10:42
Rotonen
kk, trivial
2019-07-17 19:57:32
Fireduck
@Rotonen please take a look at that. I'm pretty confident everything there is correct. Not using a good salt for the scrypt, but that is a necessary compromise to avoid redo the pbkdf for each file (on both reading and writing)
2019-07-17 19:58:03
Rotonen
who is lambdaworks?
2019-07-17 19:59:12
Rotonen
and i'm not deep enough into scrypt per implementation as to figure out if that parallelization cost is too little or too much
2019-07-17 20:00:24
Fireduck
That is fine
2019-07-17 20:01:07
Fireduck
Good question on lambdaworks. They have a java scrypt implementation (obviously) but don't know beyond that.
2019-07-17 20:01:47
Rotonen
if you see download stats and that indicates there are enough many eyeballs on them, should be legit
2019-07-17 20:02:43
Fireduck
they don't update a lot, which I take as a good sign. A small complete library doesn't need updates.
2019-07-17 20:03:01
Rotonen
is that init vector guaranteed sane?
2019-07-17 20:03:59
Fireduck
IV doesn't need to be anything in particular. It is best if you don't reuse it, since if you do someone will be able to compare files encrypted with the same key and see how much of the beginning of the file matches
2019-07-17 20:05:05
Rotonen
yes, it does not need to be anything in particular, but you're sure there is no such thing as a bad corner of the vector space random could spit up?
2019-07-17 20:05:19
Rotonen
i only suspect that as i've never actually looked into scrypt
2019-07-17 20:05:48
Fireduck
The IV is only used for the AES part
2019-07-17 20:06:24
Rotonen
kk
2019-07-17 20:08:45
Rotonen
mixing the return null error handling in there sorta irks me, but that's beside the point
2019-07-17 20:12:09
Rotonen
not spotting anything peculiar, but i'd not take that as a higher order guarantee
2019-07-17 20:14:02
Fireduck
sure
2019-07-17 20:14:25
Rotonen
lambdaworks seems like a relatively legit small scala company
2019-07-17 20:15:01
Fireduck
I do like that bazel makes you pin dependencies via hash
2019-07-17 20:15:18
Fireduck
so things can't change under you without some action
2019-07-17 20:16:11
Rotonen
lambdaworks is from northern serbia
2019-07-17 20:18:10
Fireduck
not as good as ukrainian, but I'll take it
2019-07-17 20:18:47
Rotonen
i'm more worried about that being so little used than their region of origin
2019-07-17 20:19:34
Rotonen
40 downloads recently, you're probably half of that already :stuck_out_tongue:
2019-07-17 20:19:53
Rotonen
oh, i've misestimated what usages means
2019-07-17 20:20:02
Rotonen
is bitcoinj legit?
2019-07-17 20:21:14
Fireduck
bitcoinj is legit
2019-07-17 20:21:26
Rotonen
and i'd be amazed if this is not a malware: https://mvnrepository.com/artifact/org.loois/android-sdk :smile:
2019-07-17 20:21:30
Fireduck
Mostly Mike Hearn before he got pissed off at the bitcoin comunity
2019-07-17 20:22:29
Rotonen
i'm a bit worried about opencms using scrypt :stuck_out_tongue: https://mvnrepository.com/artifact/org.opencms/opencms-core
2019-07-17 20:22:55
Rotonen
but if this is also the legit ethereum java thingy, seems legit https://mvnrepository.com/artifact/org.web3j/core
2019-07-17 20:23:15
Fireduck
the bitcoinj at least has the things I expect where I expect them
2019-07-17 20:23:37
Rotonen
so if they can use that, you can use that
2019-07-17 20:23:55
Rotonen
though no idea what they use it for
2019-07-17 20:24:01
Rotonen
but on rough general principles
2019-07-17 20:24:59
Rotonen
oh, loois is some actual chinese crypto thing http://loois.org/ Loois生态包括:全币种钱包、数字资产交易、去中心化交易协议整合、流动性系统、开放API、跨链金融产品(期货产品、基金产品、借贷产品等)、交易联盟(钱包联盟、订单联盟、合伙人联盟)等。
2019-07-17 20:25:06
Rotonen
so that's probably not malware
2019-07-17 20:25:21
Fireduck
ha
2019-07-17 20:25:48
Fireduck
hum, looks like scrypt is using jni
2019-07-17 20:25:56
Rotonen
based on the timeline there, i'd not necessarily assume loois to have gone well, but i have no idea
2019-07-17 20:25:57
Fireduck
it might be a no go if it is limiting my platforms at all
2019-07-17 20:26:20
Rotonen
did you avoid that madness on the ui?
2019-07-17 20:27:14
Fireduck
I haven't plumbed through the encryption into anything yet
2019-07-17 20:27:22
Fireduck
just started with the basic functions
2019-07-17 20:27:52
Rotonen
no, i mean in general native stuff through JNI where you'd have to figure out the multitude of OS versions out there?
2019-07-17 20:28:17
Rotonen
iirc javafx would have had that in store for you, but swing is still fully included in at least java 11 and java 12?
2019-07-17 20:29:34
Fireduck
yeah, I avoided javafx for that reason
2019-07-17 20:29:44
Fireduck
the only thing that uses JNI is rocksdb for the node
2019-07-17 20:30:05
Rotonen
and that's optional, right?
2019-07-17 20:30:16
Fireduck
it looks like the scrypt library will gracefully degrade to java if there is no jni
2019-07-17 20:30:21
Fireduck
yeah, don't need to run a node
2019-07-17 20:30:52
Rotonen
i compile my node on a mac and run it on a windows - iirc there were multiple databases or somesuch
2019-07-17 20:30:58
Rotonen
defaults to leveldb?
2019-07-17 20:31:27
Fireduck
rocksdb library I am using supports windows (64 bit), linux and mac
2019-07-17 20:31:49
Fireduck
there is another db, but I never implemented some things in it, so it can't currently do tx_index or addr_index
2019-07-17 20:32:19
Rotonen
oh it's precompiled and not your problem, gotcha
2019-07-17 20:36:57
Fireduck
yep
2019-07-17 21:16:12
Rotonen
i guess you confused git without using an explicit git rm?
2019-07-17 21:16:29
Fireduck
Moving that SystemUtil file to lib so it can be used from client
2019-07-17 21:16:50
Rotonen
kk, misread package as import and was full of confusion