A Clojure library for the scrypt key derivation function. Use it to encrypt passwords and other sensitive data.
Clojure
Latest commit a67101b Jan 2, 2016 @michaelklishin michaelklishin Update (c) year
Permalink
Failed to load latest commit information.
src/clojure/clojurewerkz/scrypt Fixing the docstring for core/encrypt. Feb 20, 2014
test/clojurewerkz/scrypt Don't use :use Jan 31, 2014
.gitignore Ignore nREPL files Jan 31, 2014
.travis.yml Add JDK 8 Jun 6, 2014
ChangeLog.md Update change log May 16, 2014
LICENSE-APL2.txt Include license files May 1, 2013
LICENSE-EPL.txt
README.md
project.clj Clojure master is now 1.8.0-master-SNAPSHOT Jul 11, 2015

README.md

Clojure Scrypt Library

scrypt is a tiny Clojure library for the scrypt key derivation function.

Why Use Scrypt

Scrypt has a significantly higher cost of carrying out brute force attacks on hashed values:

Key derivation function comparison

For more details, see the Scrypt paper.

Community

To subscribe for announcements of releases, important changes and so on, please follow @ClojureWerkz on Twitter.

Project Maturity

ClojureWerkz Scrypt is a fairly young project built on top of a Java implementation of Scrypt that has been around for a couple of years.

Artifacts

Scrypt artifacts are released to Clojars. If you are using Maven, add the following repository definition to your pom.xml:

<repository>
  <id>clojars.org</id>
  <url>http://clojars.org/repo</url>
</repository>

The Most Recent Release

With Leiningen:

[clojurewerkz/scrypt "1.2.0"]

With Maven:

<dependency>
  <groupId>clojurewerkz</groupId>
  <artifactId>scrypt</artifactId>
  <version>1.2.0</version>
</dependency>

Documentation

Scrypt has a single namespace: clojurewerkz.scrypt.core, and two functions:

  • clojurewerkz.scrypt.core/encrypt encrypts a string using Scrypt
  • clojurewerkz.scrypt.core/verify verifies a string against a hash produced by encrypt

An example to demonstrate them:

(require '[clojurewerkz.scrypt.core :as sc])

(let [h (sc/encrypt "secret" 16384 8 1)]
        (sc/verify "secret" h))
;= true

(let [h (sc/encrypt "secret" 16384 8 1)]
        (sc/verify "another value" h))
;= false

Arguments that clojurewerkz.scrypt.core/encrypt takes control CPU, RAM and parallelization cost. The values in the example above are optimal starting points for many applications.

See the Scrypt paper for a detailed information.

Native Scrypt Implementation

It is possible to use a native implementation as of ClojureWerkz Scrypt 1.1.0. From Lambdaworks Scrypt documentation:

  When the native library can be loaded it will be used instead of the pure
  Java implementation. On a J2SE compliant JVM the native library will be
  extracted from the jar and loaded, and on other VMs System.loadLibrary will
  be called.

  The system property "com.lambdaworks.jni.loader" may be set to override
  the default native library loader with one of the following values:

   * nil: refuse to load native libraries and revert to pure Java implementation
   * jar: extract native library from jar and load with System.load
   * sys: use System.loadLibrary, which may require java.library.path to be set

Supported Clojure Versions

scrypt requires Clojure 1.4+.

Continuous Integration Status

Continuous Integration status

Scrypt Is a ClojureWerkz Project

This library is part of the group of Clojure libraries known as ClojureWerkz, together with

Development

scrypt uses Leiningen 2. Make sure you have it installed and then run tests against supported Clojure versions using

lein all test

Then create a branch and make your changes on it. Once you are done with your changes and all tests pass, submit a pull request on GitHub.

License

Copyright (C) 2013-2016 Michael S. Klishin, Alex Petrov.

Double licensed under the Eclipse Public License (the same as Clojure) or the Apache Public License 2.0.