Questions tagged [scrypt]

Scrypt is a recent key derivation function designed for password storage. It aims to improve on earlier similar functions such as PBKDF2 and bcrypt by requiring significant amounts of memory in addition to computation time.

Scrypt is a key derivation function designed to require significant processing time and memory. It improves on earlier KDFs such as PBKDF2 and bcrypt by requiring more memory, which is typically not a problem on ordinary servers and PCs but is expensive on the special-purpose ASICs that attackers may use to brute-force a KDF and crack password hashes. Scrypt is still recent and not widely used.

61 questions
103 votes, 1 answer

In 2018, what is the recommended hash to store passwords: bcrypt, scrypt, Argon2?

There are many questions about picking a hash function, including How to securely hash passwords? or Are there more modern password hashing methods than bcrypt and scrypt?, with very detailed answers, but most of them date quite a bit. The consensus…
jcaron
83 votes, 10 answers

Why improvising your own Hash function out of existing hash functions is so bad

I'm afraid I'll have tomatoes thrown at me for asking this old question, but here goes. After reading that cooking up your own password hash out of existing hashing functions is dangerous over and over again I still don't understand the logic. Here…
George Powell
61 votes, 3 answers

Is bcrypt better than scrypt

Possible Duplicate: Do any security experts recommend bcrypt for password storage? I'm no security expert and do not pretend to be, that's why I'm asking here. I write many PHP based applications and up to now I have been using bcrypt to hash my…
twigg
47 votes, 2 answers

Are there more modern password hashing methods than bcrypt and scrypt?

This question made me start thinking about password hashing again. I currently use bcrypt (specifically py-bcrypt). I've heard a lot about PBKDF2, and scrypt. What I'm wondering is if there are any "more modern" password hashing methods that I might…
Brendan Long
29 votes, 3 answers

Is an HMAC-ed password more secure than a bcrypt-ed or scrypt-ed password?

Given an option, which one should I choose, an HMAC for storing a password securely or a bcrypt or scrypt library?
user917279
17 votes, 1 answer

Is the Litecoin Scrypt hashing technique a threat to hashed passwords?

The Bitcoin alternative, Litecoin uses a different algorithm to protect the block chain, namely Scrypt (not Sha256). Given that GPU accelerators exist, and ASICs are due to be released, does the widespread implementation of the Litecoin network…
makerofthings7
12 votes, 3 answers

Has scrypt withstood the test of time?

I've always heard that scrypt was better than bcrypt... because of memory causing GPU a very difficult time to crack. However, the notion always was that scrypt hadn't been tested, it was kind of a new crypt method, and that I should wait for it to be…
Arian Faurtosh
12 votes, 1 answer

How to interpret the scrypt vs bcrypt vs pbkdf2 comparison table?

You are probably familiar with this table: The source of the table is this here. This table is 10+ years old. Is this still valid with current technology? Wikipedia says that since 2014 there is ASIC equipment used for crypto-currencies. Do they…
vidi
11 votes, 3 answers

How should I choose a difficulty factor for my password hashing function?

Assuming that I'm doing password hashing properly and using bcrypt, scrypt or PBKDF2, how should I go about choosing an appropriate difficulty factor? i.e. rounds for bcrypt, iterations for PBKDF2 and maxtime, maxmem or maxmemfrac for scrypt. Also…
Ladadadada
10 votes, 2 answers

Has scrypt been broken, finally?

If I understand correctly, according to this: http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html, it looks like the attacker can just create an optimized version of scrypt that produces the same output with extremely high efficiency (e.g.…
dnang
9 votes, 1 answer

Any problems with scrypt yet?

In the question Do any security experts recommend bcrypt for password storage? Thomas Pornin recommends the hashing function scrypt but says it is "too new to be recommended on a general basis". Scrypt is from 2009 and I would like to know if any…
PiTheNumber
9 votes, 4 answers

Major industry password leaks using salted HMAC but without eg PBKDF2, scrypt

I'm trying to convince higher-ups on a project to use an iterative strengthening function to secure password-storage for a new system. The current proposal would store something like an HMAC of a salted SHA-256 (presumably the other HMAC inputs are…
8 votes, 2 answers

Why does node.js scrypt function use HMAC this way?

According to the documentation, the scrypt hash function works like so: The hash function does the following: Adds random salt. Creates a HMAC to protect against active attack. Uses the scrypt key derivation function to derive a hash for a…
ChrisD
8 votes, 1 answer

What are the recommended scrypt cost factors for 2016?

I've been trying to look for the answer, but the latest one I found was outdated by three years. So what are the recommended scrypt cost factors for 2016?
Awn
7 votes, 1 answer

How secure is Scrypt, really?

I've been recently taking a hard look at the scrypt system for storing users' passwords. However, I'm rather worried about its security because of things like Litecoin miners. Is scrypt secure enough to store passwords, even with the availability…
Kaz Wolfe