Cap the scrypt cost parameter to avoid OOM
This branch limits the scrypt cost parameter N to avoid running out of memory.
Scrypt uses at least 128 * N * r bytes of memory (https://blog.filippo.io/the-scrypt-parameters/). In Briar's case r is always 8 and N is a power of two between 256 and 1024 * 1024, so scrypt uses between 256 KB and 1 GB of memory (plus allocation overhead) depending on the value of N. During account creation, Briar tries to find a suitable value of N for the device by starting from 256 and doubling the value until scrypt takes more than 1 second to run.
If the CPU and memory bus are fast relative to the heap size, Briar may find a value of N that exhausts the available memory before it finds a value for which scrypt takes more than 1 second to run.
This can be reproduced with briar-headless by restricting the max heap size. On my machine, limiting the heap to 16 MB causes briar-headless to crash with an OOM in ScryptKdf#chooseCostParameter() after account setup:
$ rm -r ~/.briar
$ java -Xmx16M -jar briar-headless/output/libs/briar-headless.jar
The same command doesn't crash with this branch: the scrypt cost parameter is capped to 8192, so scrypt uses no more than 8 MB of memory (plus allocation overhead).
Closes #1926 (closed)
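
The capped search described above, as an added example that is not Briar's code: the class, `chooseCost`, `capFor` and the injected `timer` are hypothetical names, and the simulated device timing is constructed. Deriving a cap from a memory budget (here assumed to be half the max heap) goes beyond the fixed cap of 8192 that the branch uses.

```java
import java.util.function.IntToLongFunction;

// Added example, not Briar's code: doubling search for the scrypt cost
// parameter N with a hard cap, so the search stops before memory runs out.
public class CappedScryptCost {
    static final int R = 8;                   // the page says Briar always uses r = 8
    static final int MIN_COST = 256;          // starting value of N, from the page
    static final int MAX_COST = 1024 * 1024;  // largest N the page mentions
    static final long TARGET_MS = 1000;       // stop once scrypt takes more than 1 second

    // Lower bound on scrypt's memory use: 128 * N * r bytes.
    static long memoryBytes(int n) {
        return 128L * n * R;
    }

    // Largest power of two in [MIN_COST, MAX_COST] whose scrypt buffer fits
    // in budgetBytes. Never returns less than MIN_COST.
    static int capFor(long budgetBytes) {
        int cap = MIN_COST;
        while (cap < MAX_COST && memoryBytes(cap * 2) <= budgetBytes) cap *= 2;
        return cap;
    }

    // timer (hypothetical) returns the milliseconds one scrypt run takes with
    // cost n. The search never runs scrypt with a cost above the cap.
    static int chooseCost(IntToLongFunction timer, int cap) {
        int n = MIN_COST;
        while (n < cap && timer.applyAsLong(n) <= TARGET_MS) n *= 2;
        return n;
    }

    public static void main(String[] args) {
        // Constructed timing for a fast device: 1 ms per 1024 units of N.
        IntToLongFunction fastDevice = n -> n / 1024;
        // Uncapped, the page's fixed cap, and a cap assumed to be half the max heap.
        long halfHeap = Runtime.getRuntime().maxMemory() / 2;
        int[] caps = { MAX_COST, 8192, capFor(halfHeap) };
        for (int cap : caps) {
            int n = chooseCost(fastDevice, cap);
            System.out.printf("cap=%d -> N=%d, scrypt needs >= %d KB%n",
                    cap, n, memoryBytes(n) / 1024);
        }
    }
}
```

Running it with `java -Xmx16M CappedScryptCost.java` shows how the heap-derived cap shrinks with the heap limit, while the uncapped search on the simulated fast device climbs to the largest N.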