This KDF was added in v0.5.0.
Scrypt is an adaptive function designed in response to bcrypt. This KDF is recommended as it requires relatively large amounts of memory for each derivation, making it resistant to hardware brute-force attacks.
The recommended minimum cost is
p=1 (as of 2/1/2016 on commodity hardware).
p must be a positive integer and less than (2^32 − 1) * (Hlen/MFlen), where Hlen is the length in octets of the digest function output (32 for SHA-256) and MFlen is the length in octets of the mixing function output, defined as r * 128. These parameters should be increased to the threshold at which legitimate systems will encounter detrimental delays (see schedule below or use ScryptCipherProviderGroovyTest#testDefaultConstructorShouldProvideStrongParameters() to calculate safe minimums).
The salt format is $s0$e0101$ABCDEFGHIJKLMNOPQRSTUV. The salt is delimited by $ and the three sections are as follows:
s0 - the version of the format. NiFi currently uses s0 for all salts generated internally.
e0101 - the cost parameters. This is actually a hexadecimal encoding of p using shifts. This can be formed/parsed using
Some external libraries encode p separately in the form
N is stored in hex encoding as 0x4000, which is 0d16384, or 2^14 as 0d14). A utility method is available at ScryptCipherProvider#translateSalt() which will convert the external form to the internal form.
ABCDEFGHIJKLMNOPQRSTUV - the 12-44 character, Base64-encoded, unpadded, raw salt value. This decodes to an 8-32 byte salt used in the key derivation.
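A parser and validator for the salt format described above, as an added example (this is not NiFi's code). The names ScryptSalt and parse_salt are hypothetical. The bit layout log2(N) << 16 | r << 8 | p is an assumption, consistent with e0101 and with N = 2^14 being stored as 14.

```python
import base64
import re
from dataclasses import dataclass

H_LEN = 32  # SHA-256 digest length in octets, as stated in the text


@dataclass(frozen=True)
class ScryptSalt:
    version: str
    n: int
    r: int
    p: int
    raw_salt: bytes

    @property
    def memory_bytes(self) -> int:
        # scrypt needs roughly 128 * N * r bytes of memory per derivation
        return 128 * self.n * self.r


def parse_salt(formatted: str) -> ScryptSalt:
    # A leading "$" gives an empty first field: ['', 's0', 'e0101', '<salt>']
    fields = formatted.split("$")
    if len(fields) != 4 or fields[0] != "":
        raise ValueError("expected $version$params$salt")
    _, version, params_hex, salt_b64 = fields
    if version != "s0":
        raise ValueError(f"unsupported format version: {version!r}")
    if not re.fullmatch(r"[0-9a-fA-F]+", params_hex):
        raise ValueError("cost parameters must be hexadecimal")
    # ASSUMPTION: bit layout is log2(N) << 16 | r << 8 | p
    packed = int(params_hex, 16)
    log2_n, r, p = packed >> 16, (packed >> 8) & 0xFF, packed & 0xFF
    if not 1 <= log2_n <= 63 or r < 1 or p < 1:
        raise ValueError("log2(N) must be 1-63; r and p must be positive")
    # Page constraint: p < (2^32 - 1) * (Hlen / MFlen), with MFlen = r * 128
    if p * (r * 128) >= (2**32 - 1) * H_LEN:
        raise ValueError("p exceeds (2^32 - 1) * (Hlen / MFlen)")
    # The salt is unpadded Base64, so restore padding before a strict decode
    padded = salt_b64 + "=" * (-len(salt_b64) % 4)
    raw = base64.b64decode(padded, validate=True)
    if not 8 <= len(raw) <= 32:
        raise ValueError(f"raw salt is {len(raw)} bytes, expected 8-32")
    return ScryptSalt(version, 1 << log2_n, r, p, raw)


if __name__ == "__main__":
    print(parse_salt("$s0$e0101$ABCDEFGHIJKLMNOPQRSTUV"))
```

Rejecting a malformed or out-of-range salt before key derivation keeps a tampered cost field from silently weakening the KDF or exhausting memory.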