Scrypt
-
This KDF was added in v0.5.0.
-
Scrypt is an adaptive function designed in response to
bcrypt
. This KDF is recommended as it requires relatively large amounts of memory for each derivation, making it resistant to hardware brute-force attacks. -
The recommended minimum cost is
N
=214 (16,384),r
=8,p
=1 (as of 2/1/2016 on commodity hardware).p
must be a positive integer and less than(2^32 − 1) * (Hlen/MFlen)
whereHlen
is the length in octets of the digest function output (32 for SHA-256) andMFlen
is the length in octets of the mixing function output, defined asr * 128
. These parameters should be increased to the threshold at which legitimate systems will encounter detrimental delays (see schedule below or useScryptCipherProviderGroovyTest#testDefaultConstructorShouldProvideStrongParameters()
to calculate safe minimums). -
The salt format is
$s0$e0101$ABCDEFGHIJKLMNOPQRSTUV
. The salt is delimited by$
and the three sections are as follows:-
s0
- the version of the format. NiFi currently usess0
for all salts generated internally. -
e0101
- the cost parameters. This is actually a hexadecimal encoding ofN
,r
,p
using shifts. This can be formed/parsed usingScrypt#encodeParams()
andScrypt#parseParameters()
.-
Some external libraries encode
N
,r
, andp
separately in the form$4000$1$1$
(N
is stored in hex encoding as0x4000
, which is0d16384
, or 214 as0xe
=0d14
). A utility method is available atScryptCipherProvider#translateSalt()
which will convert the external form to the internal form.
-
-
ABCDEFGHIJKLMNOPQRSTUV
- the 12-44 character, Base64-encoded, unpadded, raw salt value. This decodes to a 8-32 byte salt used in the key derivation.
-