A Clojure library for the scrypt key derivation function. Use it to encrypt passwords and other sensitive data.
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
src/clojure/clojurewerkz/scrypt
test/clojurewerkz/scrypt
.gitignore
.travis.yml
ChangeLog.md
LICENSE-APL2.txt
LICENSE-EPL.txt
README.md
project.clj

README.md

Clojure Scrypt Library

scrypt is a tiny Clojure library for the scrypt key derivation function.

Why Use Scrypt

Scrypt has a significantly higher cost of carrying out brute force attacks on hashed values:

Key derivation function comparison

For more details, see the Scrypt paper.

Community

To subscribe for announcements of releases, important changes and so on, please follow @ClojureWerkz on Twitter.

Project Maturity

ClojureWerkz Scrypt is a fairly young project built on top of a Java implementation of Scrypt that has been around for a couple of years.

Artifacts

Scrypt artifacts are released to Clojars. If you are using Maven, add the following repository definition to your pom.xml:

<repository>
  <id>clojars.org</id>
  <url>http://clojars.org/repo</url>
</repository>

The Most Recent Release

With Leiningen:

[clojurewerkz/scrypt "1.2.0"]

With Maven:

<dependency>
  <groupId>clojurewerkz</groupId>
  <artifactId>scrypt</artifactId>
  <version>1.2.0</version>
</dependency>

Documentation

Scrypt has a single namespace: clojurewerkz.scrypt.core, and two functions:

  • clojurewerkz.scrypt.core/encrypt encrypts a string using Scrypt
  • clojurewerkz.scrypt.core/verify verifies a string against a hash produced by encrypt

An example to demonstrate them:

(require '[clojurewerkz.scrypt.core :as sc])

(let [h (sc/encrypt "secret" 16384 8 1)]
        (sc/verify "secret" h))
;= true

(let [h (sc/encrypt "secret" 16384 8 1)]
        (sc/verify "another value" h))
;= false

Arguments that clojurewerkz.scrypt.core/encrypt takes control CPU, RAM and parallelization cost. The values in the example above are optimal starting points for many applications.

See the Scrypt paper for a detailed information.

Native Scrypt Implementation

It is possible to use a native implementation as of ClojureWerkz Scrypt 1.1.0. From Lambdaworks Scrypt documentation:

  When the native library can be loaded it will be used instead of the pure
  Java implementation. On a J2SE compliant JVM the native library will be
  extracted from the jar and loaded, and on other VMs System.loadLibrary will
  be called.

  The system property "com.lambdaworks.jni.loader" may be set to override
  the default native library loader with one of the following values:

   * nil: refuse to load native libraries and revert to pure Java implementation
   * jar: extract native library from jar and load with System.load
   * sys: use System.loadLibrary, which may require java.library.path to be set

Supported Clojure Versions

scrypt requires Clojure 1.4+.

Continuous Integration Status

Continuous Integration status

Scrypt Is a ClojureWerkz Project

This library is part of the group of Clojure libraries known as ClojureWerkz, together with

Development

scrypt uses Leiningen 2. Make sure you have it installed and then run tests against supported Clojure versions using

lein all test

Then create a branch and make your changes on it. Once you are done with your changes and all tests pass, submit a pull request on GitHub.

License

Copyright (C) 2013-2016 Michael S. Klishin, Alex Petrov.

Double licensed under the Eclipse Public License (the same as Clojure) or the Apache Public License 2.0.