npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

scrypt-kdf

v3.0.0

Published

Scrypt Key Derivation Function

Downloads

158,705

Readme

Scrypt Key Derivation Function

Node.js CI

Scrypt is a password-based key derivation function, useful for storing password hashes for verifying interactive logins.

Passwords should never, of course, be stored as plaintext, but even salted hashed passwords can be susceptible to brute-force attack using custom hardware. Key derivation functions can be tuned to be computationally expensive to calculate, in order to protect against attack.

Scrypt is a ‘memory-hard’ algorithm, meaning that it will produce keys (hashes) which are strongly resistant to attack using GPUs and other custom hardware, which may be computationally powerful but have limited memory. It is designed to be stronger than earlier KDFs bcrypt and PBKDF2.

It was originally developed by Colin Percival as part of the Tarsnap file encryption utility. It is fully described in Percival’s paper Stronger Key Derivation via Sequential Memory-Hard Functions, and is specified in RFC 7841.

scrypt-kdf is a Node.js zero-dependency wrapper around the core Node.js OpenSSL implementation of scrypt, providing a kdf function and a verify function.

  • the kdf(passphrase, params) function returns a key (together with scrypt parameters and salt), which can be stored for later verification
  • the verify(key, passphrase) function verifies that the stored key was derived from the supplied password.

Example usage

scrypt-kdf is available from npm:

$ npm install scrypt-kdf

hashing

import Scrypt from 'scrypt-kdf');

const keyBuf = await Scrypt.kdf('my secret pw', { logN: 15 });
const keyStr = keyBuf.toString('base64');
// keyStr is 128-char string which can be stored for subsequent verification

verifying

import Scrypt from 'scrypt-kdf');

const user = await users.findOne({ email: req.body.email }); // for example
const keyBuf = Buffer.from(user.password, 'base64');
const ok = await Scrypt.verify(keyBuf, req.body.password);

in Deno:

import Scrypt from 'npm:scrypt-kdf@^3';

API

– hash

Scrypt.kdf(passphrase, params) – derive key from given passphrase (async).

  • passphrase is a user-supplied password string/TypedArray/Buffer to be hashed and stored.
  • params is an object with properties logN, r, p.
    • logN is a CPU/memory cost parameter: an integer work factor which determines the cost of the key derivation function, and hence the security of the stored key; for sub-100ms interactive logins, a value of 15 is recommended for current (2017) hardware (increased from the original 2009 recommendation of 14)
    • r (optional) is a block size parameter, an integer conventionally fixed at 8.
    • p (optional) is a parallelization parameter, an integer conventionally fixed at 1.
  • returns: (promised) key as a Buffer which can be stored in any preferred format.

– verify

Scrypt.verify(key, passphrase) – confirm key was derived from passphrase (async).

  • key is a Buffer obtained from Scrypt.kdf().
  • passphrase is the password string/TypedArray/Buffer used to derive the stored key.
  • returns: (promised) true for successful verification, false otherwise.

– view parameters

Scrypt.viewParams(key) – return the logN, r, p parameters used to derive key.

  • key is a Buffer derived from Scrypt.kdf().
  • returns { logN, r, p } object.

– pick parameters

Scrypt.pickParams(maxtime, maxmem, maxmemfrac) – return scrypt parameters for given operational parameters.

  • maxtime is the maximum time in seconds scrypt will spend computing the derived encryption key from the password (0.1 seconds is recommended for interactive logins).
  • maxmem (optional) is the maximum RAM scrypt will use when computing the derived encryption key, in bytes (default maximum available physical memory).
  • maxmemfrac (optional) is the maximum fraction of available RAM scrypt will use for computing the derived encryption key (default 0.5); if not within the range 0 < maxmemfrac <= 0.5, this will be set to 0.5.
  • returns { logN, r, p } object.

Note that results are dependent on the computer the calculation is run on; calculated parameters may vary depending on computer specs & current loading.

OpenSSL implementation

scrypt-kdf is a wrapper around the OpenSSL implementation of scrypt made available through the Node.js crypto module.

Key format

The key is returned as a 96-byte Buffer/Uint8Array for maximum flexibility, in Colin Percival’s standard file header format:

| offset | length | value | -----: | -----: | :---- | 0 | 6 | ‘scrypt’ | 6 | 1 | version [0] | 7 | 1 | log2(N) | 8 | 4 | r (big-endian integer) | 12 | 4 | p (big-endian integer) | 16 | 32 | salt | 48 | 16 | checksum: first 16 bytes of SHA256(bytes 0–47) | 64 | 32 | HMAC-SHA256(bytes 0–63), with scrypt(password, salt, 64, { N, r, p }) as key

If converted to base-64 (for trouble-free storage or transmission), the key will be a 128-character string, which will always begin with c2NyeXB0, as this is ‘scrypt’ encoded as base-64.