From dbfdff167b398094bb6def6e3e47f3deca38d905 Mon Sep 17 00:00:00 2001
From: Daniel Krol
Date: Wed, 13 Jul 2022 06:44:42 -0400
Subject: [PATCH] Confirm scrypt parameters; remove comment
---
 test_client/test_client.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/test_client/test_client.py b/test_client/test_client.py
index 5eb56f9..828939c 100755
--- a/test_client/test_client.py
+++ b/test_client/test_client.py
@@ -201,14 +201,11 @@ def derive_secrets(root_password, salt):
 # TODO - wallet_id in the salt? (with domain etc if we go that way)
 # But, we probably want random salt anyway for each domain, who cares
 #
- # TODO - save scrypt parameters with the keys so we can change parameters
- # and still read old keys?
+ # 2017 Scrypt parameters: https://words.filippo.io/the-scrypt-parameters/
 #
- # https://stackoverflow.com/a/12581268
- # Per this, there's an optimal for interactive use, and there's a stronger
- # optimal for sensitive storage. Going with the latter since we're storing
- # encrypted stuff on a server. That said, that's based on presentation
- # slides from 2009. Maybe I should go even more secure?
+ # There's recommendations for interactive use, and stronger recommendations
+ # for sensitive storage. Going with the latter since we're storing
+ # encrypted stuff on a server.
 scrypt_n = 1<<20
 scrypt_r = 8
 scrypt_p = 1
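Review bot: `scrypt_n`, `scrypt_r` and `scrypt_p` stay hard-coded in `derive_secrets`, and with the TODO about saving the parameters alongside the keys removed, nothing visible in this hunk records that raising them later would make previously derived keys unreproducible. Unless the parameters or a version tag are stored next to the salt elsewhere, I would keep a short note such as `# NOTE: parameters are fixed; changing them requires a version tag stored with the salt`. The cost is also worth stating next to the constants, e.g. `# N=2**20, r=8 -> roughly 1 GiB of memory per derivation (128 * N * r bytes)`. The scrypt call itself is outside the hunk, so any memory limit passed there should be checked against that figure.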