NAME

Crypt::ScryptKDF - Scrypt password based key derivation function

SYNOPSIS

Creating / verifying scrypt-based password hash:


            
              
              use Crypt::ScryptKDF qw(scrypt_hash scrypt_hash_verify);
my $hash1 = scrypt_hash("secret password");
# .. later
die "Invalid password" unless scrypt_hash_verify("secret password", $hash1);
#or by specifying Scrypt parameters
my $hash2 = scrypt_hash("secret password", \32, 16384, 8, 1, 32);
# .. later
die "Invalid password" unless scrypt_hash_verify("secret password", $hash2);

Creating raw scrypt-based derived key:


            
              
              use Crypt::ScryptKDF qw(scrypt_raw scrypt_hex scrypt_b64);
my $binary_buffer = scrypt_raw($password, $salt, $N, $r, $p, $len);
my $hexadecimal_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
my $base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);

DESCRIPTION

Scrypt is a password-based key derivation function (like for example PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to make it expensive to perform large scale custom hardware attacks.

It can be used for:

deriving cryptographic keys from low-entropy password (like PBKDF2)
creating (+validating) password hashes (like PBKDF2 or Bcrypt)

More details about Scrypt: http://www.tarsnap.com/scrypt/scrypt.pdf and https://tools.ietf.org/html/draft-josefsson-scrypt-kdf

IMPORTANT: This module needs a cryptographically strong random number generator. It tries to use one of the following:

Crypt::PRNG - random_bytes()
Crypt::OpenSSL::Random - random_bytes()
Net::SSLeay - RAND_bytes()
Crypt::Random - makerandom_octet()
Bytes::Random::Secure - random_bytes()
As an unsecure fallback it uses built-in rand()

FUNCTIONS

scrypt_raw

Derive a key from given password and salt (+ optional params).


            
              
              my $derived_key_raw_bytes = scrypt_raw($password, $salt, $N, $r, $p, $len);
#or
my $derived_key_raw_bytes = scrypt_raw($password, $salt);
#  $password - low-entropy secret (bytes)
#  $salt - raw octects (bytes) with a salt
#  $N - CPU/memory cost (has to be power of 2 and >1) DEFAULT: 2^14 = 16384
#  $r - block size parameter                          DEFAULT: 8
#  $p - parallelization parameter                     DEFAULT: 1
#  $len - length of derived key (in bytes)            DEFAULT: 32
#returns:
#  $derived_key .. raw bytes of length $len

scrypt_hex

Similar to scrypt_raw only the return value is encoded as hexadecimal value.


            
              
              my $derived_key_hex_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
#or
my $derived_key_hex_string = scrypt_hex($password, $salt);

scrypt_b64

Similar to scrypt_raw only the return value is BASE64 encoded.


            
              
              my $derived_key_base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);
#or
my $derived_key_base64_string = scrypt_b64($password, $salt);

scrypt_hash

Create a password hash for given password.


            
              
              my $hash = scrypt_hash($password, $salt, $N, $r, $p, $len);
#  params same as by scrypt_raw, the $salt can also be a scalar ref with salt
#  length e.g. $salt=\24 means that salt will be 24 randomly generated bytes
#returns:
#  string with password hash (suitable for storing in DB) e.g.
#  'SCRYPT:16384:8:1:BK8jkrqgm3BEtMh/g+WGL+k8ZeoAo=:YsEnQWld4UK8EqRZ9JuGbQnnlkXaM='

Some of the parameters are optional:


            
              
              # 1 arg variant
my $hash = scrypt_hash($password); # generate random salt (32 bytes)
# 2 args variant
my $hash = scrypt_hash($password, $salt); # use given $salt
my $hash = scrypt_hash($password, \20);   # generate random salt (20 bytes)
# 5 args variant
my $hash = scrypt_hash($password, $N, $r, $p, $len); # random salt (32 bytes)

scrypt_hash_verify

Verify a password hash created with scrypt_hash()


            
              
              my $is_valid = scrypt_hash_verify($password, $hash);
#  $password - password to be verified
#  $hash - hash previously created via scrypt_hash
#returns:
#  1 (ok) or 0 (fail)

random_bytes

Generate random bytes of given length.


            
              
              my $salt = random_bytes($len);
#  $len - number of random bytes
#returns:
#  $len random octets

LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

COPYRIGHT

To install Crypt::ScryptKDF, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::ScryptKDF

CPAN shell

perl -MCPAN -e shell
install Crypt::ScryptKDF

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)