To help us decide on good key-stretching parameters in https://wiki.mozilla.org/Identity/AttachedServices/KeyServerProtocol#Client-Side_Key_Stretching , we'd like to measure how fast PBKDF2-HMAC-SHA256 and scrypt run on various phones, both big and small. We'd like to have a small standalone Android application that runs a benchmark and optionally submits the speed data to a little server.

The output would be a rounds-per-second for PBKDF2, and a rounds-per-second for scrypt. For PBKDF2, I'd suggest running 10k or 20k rounds and dividing. 20k rounds takes about 1 second on my 700MHz ARM Raspberry Pi, which seems like a reasonable proxy for a mid-range phone.

For scrypt, I'd set N=8192,r=8,p=1 and divide the time by 8192. This takes 700ms on my rPi (and 27ms on my Mac laptop). Using N=8k should require maybe 8MB of RAM. The N=65536 we'd like to use should take 8 times longer and about 64MB of RAM. If a given device can do that, we should try it, but slower phones might take a significant time to complete the test, so we should probably report the N=8k results before starting the N=64k test.

This needs to measure the speed of compiled code, not interpreted JS. PBKDF2 is well-defined in RFC2898 (but remember we use HMAC-SHA256, not HMAC-SHA1) and there are many implementations floating around. scrypt is defined in http://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01 and there is C code available from http://www.tarsnap.com/scrypt.html (for convenience, I use the python binding from https://pypi.python.org/pypi/scrypt/0.6.1 , which splits out the hash() function that we care about).
I beat you to it! :D No worries about using JS; we won't be shipping this feature in Gecko on Android.
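The measurement described in the first comment, sketched as a desktop harness. This is an added example, not code from this bug or from the Android app it requests. It uses Python's `hashlib`, whose PBKDF2 and scrypt call compiled OpenSSL code; the function names, result keys, password and salt are constructed for illustration.

```python
import hashlib
import time

PASSWORD = b"constructed-password"  # constructed sample input
SALT = b"constructed-salt"          # constructed sample input

def scrypt_mem_bytes(n, r):
    """Size of scrypt's main working array: 128 * N * r bytes."""
    return 128 * n * r

def bench_pbkdf2(rounds=20_000):
    """Run PBKDF2-HMAC-SHA256 once and return rounds per second."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, rounds, dklen=32)
    return rounds / (time.perf_counter() - start)

def bench_scrypt(n, r=8, p=1):
    """Run scrypt once; return N divided by elapsed seconds, or None."""
    # OpenSSL caps scrypt memory at 32 MiB unless maxmem is raised, so
    # allow twice the working array to make room for the N=65536 run.
    maxmem = 2 * scrypt_mem_bytes(n, r)
    start = time.perf_counter()
    try:
        hashlib.scrypt(PASSWORD, salt=SALT, n=n, r=r, p=p,
                       maxmem=maxmem, dklen=32)
    except (AttributeError, MemoryError, ValueError):
        # No scrypt in this build, or the device cannot supply the memory.
        return None
    return n / (time.perf_counter() - start)

def run_benchmark(report=print):
    """Report each result as soon as it exists, cheapest test first."""
    results = {"pbkdf2_rounds_per_sec": bench_pbkdf2()}
    report(dict(results))
    results["scrypt_8k_rounds_per_sec"] = bench_scrypt(8192)
    report(dict(results))  # N=8k is reported before the N=64k test starts
    results["scrypt_64k_rounds_per_sec"] = bench_scrypt(65536)
    report(dict(results))
    return results

if __name__ == "__main__":
    run_benchmark()
```

A `None` for the N=65536 entry is itself a data point: it means the device could not run the larger parameter set, while the N=8192 figure has already been reported.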