scrypt params are too restrictive

[finfet]

scrypt version 0.11.0 introduced a length requirement on the derived key length. It is no longer possible to derive keys shorter than 10 or larger than 64.

It is fine if the scrypt::Params struct has a recommended derived key length, but it should be possible to input a key length in compliance with RFC 7914. The RFC allows the scrypt derived key length to be "a positive integer less than or equal to (2^32 - 1) * 32".

[tarcieri]

scrypt v0.11 provided an ability to set an output length at all as part of Params. Prior to that, it was hardcoded to Params::RECOMMENDED_LEN. See #255.

But also, that shouldn't impact the low-level scrypt::scrypt API, which is intended for e.g. key derivation. It should only impact the high-level password hashing API, which produces a PHC hash string.

AFAICT there's nothing you could do in earlier versions which isn't possible in v0.11.

If you think there is, can you provide a repro of something which worked with earlier versions which isn't possible under v0.11?

[finfet]

My apologies, it looks like I misunderstood how to use the API. I am using the lower level scrypt::scrypt API where it appears that the length portion of the Params object is ignored and it uses the output buffer instead. I am still able to derive keys with variable lengths, despite the length setting in Params, which is good.

[tarcieri]

I think there's a reasonable point to be made that the API is a bit confusing, since scrypt::scrypt accepts Params but ignores the length specified in them