# Cap the scrypt cost parameter to avoid OOM

This branch limits the scrypt cost parameter `N`

to avoid running out of memory.

Scrypt uses at least `128 * N * r`

bytes of memory (https://blog.filippo.io/the-scrypt-parameters/). In Briar's case `r`

is always 8 and `N`

is a power of two between 256 and 1024 * 1024, so scrypt uses between 256 KB and 1 GB of memory (plus allocation overhead) depending on the value of `N`

. During account creation, Briar tries to find a suitable value of `N`

for the device by starting from 256 and doubling the value until scrypt takes more than 1 second to run.

If the CPU and memory bus are fast relative to the heap size, Briar may find a value of `N`

that exhausts the available memory before it finds a value for which scrypt takes more than 1 second to run.

This can be reproduced with briar-headless by restricting the max heap size. On my machine, limiting the heap to 16 MB causes briar-headless to crash with an OOM in ScryptKdf#chooseCostParameter() after account setup:

```
$ rm -r ~/.briar
$ java -Xmx16M -jar briar-headless/output/libs/briar-headless.jar
```

The same command doesn't crash with this branch: the scrypt cost parameter is capped to 8192, so scrypt uses no more than 8 MB of memory (plus allocation overhead).

Closes #1926 (closed)