Skip to content

DCIT/perl-Crypt-ScryptKDF

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

lib/Crypt

lib/Crypt

 
 

src

src

 
 

t

t

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Build.PL

Build.PL

 
 

Changes

Changes

 
 

LICENSE

LICENSE

 
 

MANIFEST.SKIP

MANIFEST.SKIP

 
 

README

README

 
 

Repository files navigation

NAME
    Crypt::ScryptKDF - Scrypt password based key derivation function

SYNOPSIS
    Creating / verifying scrypt-based password hash:

     use Crypt::ScryptKDF qw(scrypt_hash scrypt_hash_verify);

     my $hash1 = scrypt_hash("secret password");
     # .. later
     die "Invalid password" unless scrypt_hash_verify("secret password", $hash1);

     #or by specifying Scrypt parameters
     my $hash2 = scrypt_hash("secret password", \32, 16384, 8, 1, 32);
     # .. later
     die "Invalid password" unless scrypt_hash_verify("secret password", $hash2);

    Creating raw scrypt-based derived key:

     use Crypt::ScryptKDF qw(scrypt_raw scrypt_hex scrypt_b64);

     my $binary_buffer = scrypt_raw($password, $salt, $N, $r, $p, $len);
     my $hexadecimal_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
     my $base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);

DESCRIPTION
    Scrypt is a password-based key derivation function (like for example
    PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to
    make it expensive to perform large scale custom hardware attacks.

    It can be used for:

    *   deriving cryptographic keys from low-entropy password (like PBKDF2)

    *   creating (+validating) password hashes (like PBKDF2 or Bcrypt)

    More details about Scrypt: <http://www.tarsnap.com/scrypt/scrypt.pdf>
    and <https://tools.ietf.org/html/draft-josefsson-scrypt-kdf>

    IMPORTANT: This module needs a cryptographically strong random number
    generator. It tries to use one of the following:

    *   Crypt::PRNG - random_bytes()

    *   Crypt::OpenSSL::Random - random_bytes()

    *   Net::SSLeay - RAND_bytes()

    *   Crypt::Random - makerandom_octet()

    *   Bytes::Random::Secure - random_bytes()

    *   As an unsecure fallback it uses built-in rand()

FUNCTIONS
    *   scrypt_raw

        Derive a key from given "password" and "salt" (+ optional params).

         my $derived_key_raw_bytes = scrypt_raw($password, $salt, $N, $r, $p, $len);
         #or
         my $derived_key_raw_bytes = scrypt_raw($password, $salt);

         #  $password - low-entropy secret (bytes)
         #  $salt - raw octects (bytes) with a salt
         #  $N - CPU/memory cost (has to be power of 2 and >1) DEFAULT: 2^14 = 16384
         #  $r - block size parameter                          DEFAULT: 8
         #  $p - parallelization parameter                     DEFAULT: 1
         #  $len - length of derived key (in bytes)            DEFAULT: 32
         #returns:
         #  $derived_key .. raw bytes of length $len

    *   scrypt_hex

        Similar to scrypt_raw only the return value is encoded as
        hexadecimal value.

         my $derived_key_hex_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
         #or
         my $derived_key_hex_string = scrypt_hex($password, $salt);

    *   scrypt_b64

        Similar to scrypt_raw only the return value is BASE64 encoded.

         my $derived_key_base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);
         #or
         my $derived_key_base64_string = scrypt_b64($password, $salt);

    *   scrypt_hash

        Create a password hash for given "password".

         my $hash = scrypt_hash($password, $salt, $N, $r, $p, $len);

         #  params same as by scrypt_raw, the $salt can also be a scalar ref with salt
         #  length e.g. $salt=\24 means that salt will be 24 randomly generated bytes
         #returns:
         #  string with password hash (suitable for storing in DB) e.g.
         #  'SCRYPT:16384:8:1:BK8jkrqgm3BEtMh/g+WGL+k8ZeoAo=:YsEnQWld4UK8EqRZ9JuGbQnnlkXaM='

        Some of the parameters are optional:

         # 1 arg variant
         my $hash = scrypt_hash($password); # generate random salt (32 bytes)

         # 2 args variant
         my $hash = scrypt_hash($password, $salt); # use given $salt
         my $hash = scrypt_hash($password, \20);   # generate random salt (20 bytes)

         # 5 args variant
         my $hash = scrypt_hash($password, $N, $r, $p, $len); # random salt (32 bytes)

    *   scrypt_hash_verify

        Verify a password hash created with "scrypt_hash()"

         my $is_valid = scrypt_hash_verify($password, $hash);
         #  $password - password to be verified
         #  $hash - hash previously created via scrypt_hash
         #returns:
         #  1 (ok) or 0 (fail)

    *   random_bytes

        Generate random bytes of given length.

         my $salt = random_bytes($len);
         #  $len - number of random bytes
         #returns:
         #  $len random octets

LICENSE
    This program is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.

COPYRIGHT
    Copyright (c) 2013-2015 DCIT, a.s. <http://www.dcit.cz> / Karel Miko

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages