Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1094

scrypt

Reviewed by Cybersecurity entrepreneur & security researcher

What is scrypt?

scrypt: A memory-hard password-based KDF designed by Colin Percival in 2009 and specified in RFC 7914, used for password hashing and for proof-of-work in some cryptocurrencies.


scrypt is a password-based key derivation function published by Colin Percival in 2009 and standardised in RFC 7914. It combines PBKDF2-HMAC-SHA-256 with a memory-hard inner mixing step called ROMix, built on the Salsa20/8 core. Its three tunable parameters are N (memory/CPU cost), r (block size) and p (parallelism); a typical interactive setting is N=2^15, r=8, p=1, requiring around 32 MiB. The memory-hard design dramatically increases the cost of GPU and ASIC attacks compared with PBKDF2 or bcrypt. scrypt remains a safe choice for password hashing and key derivation, although Argon2id is generally preferred for new designs; Litecoin and Dogecoin use scrypt as their proof-of-work function.

Examples

  1. Storing user passwords using scrypt with N=16384, r=8, p=1.

  2. Litecoin uses scrypt as its proof-of-work hash.
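
The password-storage case from the definition and the first example, as an added sketch that is not part of the original entry. It uses Python's standard `hashlib.scrypt`; the `scrypt$N$r$p$salt$hash` record layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Parameters the entry quotes as a typical interactive setting.
N, R, P = 2**15, 8, 1


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of ROMix's working array: N blocks of 128*r bytes each."""
    return 128 * n * r


def _derive(password: str, salt: bytes, n: int, r: int, p: int, dklen: int) -> bytes:
    # The default cap (32 MiB in OpenSSL 1.1.0) is slightly exceeded by
    # N=2^15, r=8 once the p blocks and scratch space are counted, so raise it.
    maxmem = 2 * scrypt_memory_bytes(n, r)
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, maxmem=maxmem, dklen=dklen)


def hash_password(password: str, n: int = N, r: int = R, p: int = P) -> str:
    salt = os.urandom(16)  # fresh random salt per password
    dk = _derive(password, salt, n, r, p, 32)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    # Constructed record layout (an assumption): scrypt$N$r$p$salt$hash
    return f"scrypt${n}${r}${p}${enc(salt)}${enc(dk)}"


def verify_password(password: str, record: str) -> bool:
    tag, n, r, p, salt_b64, dk_b64 = record.split("$")
    if tag != "scrypt":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    actual = _derive(password, salt, int(n), int(r), int(p), len(expected))
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def needs_rehash(record: str, n: int = N, r: int = R, p: int = P) -> bool:
    """True when a stored record was made with different cost parameters."""
    return record.split("$")[1:4] != [str(n), str(r), str(p)]


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(scrypt_memory_bytes(N, R) // 2**20, "MiB")
    print(verify_password("correct horse battery staple", rec))
```

Storing the cost parameters in each record lets records made with N=16384 keep verifying while `needs_rehash` flags them for an upgrade at the next successful login.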

Frequently asked questions

What is scrypt?

A memory-hard password-based KDF designed by Colin Percival in 2009 and specified in RFC 7914, used for password hashing and for proof-of-work in some cryptocurrencies. It belongs to the Cryptography category of cybersecurity.

What are other names for scrypt?

Common alternative names include: Percival scrypt, RFC 7914.
