-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verifying password #17
Comments
|
@evilaliv3 I wonder if there would be any standard instruction or specification for password verification in scrypt. Because in |
@Tresdin there were attempts to make a universal text encoding for scrypt (params + salt + hash), but so far there are many different implementations. All you need is just to store this information: {
logN: ..., // or N
r: ...,
p: ..., // always 1 for scrypt-async-js
salt: ..., // possibly base64 encoded
hash: ..., // possibly base64 encoded
} To verify, read parameters and salt from storage, generate a new hash with the password you're trying to verify and compare to the stored one. |
@dchest Since derived key length is a required parameter in |
Ah, true, if you ever want to change the hash length, save it. But I'd just fix it to 32 (if you don't need more derived keys for other purposes). P is parallelization parameter: it tells how many parallel instances to calculate in order to fill more CPU cores. It's fixed to 1 in scrypt-async-js for simplicity (and because apart from web workers JS doesn't parallelize). The source is the original scrypt paper: https://www.tarsnap.com/scrypt/scrypt.pdf |
I used to be stuck with picking between |
How can I verify password hashed by
scrypt-async
?How is
scrypt-async
hash different from node-scrypt hash? Are they compatible?The text was updated successfully, but these errors were encountered: