/ 
Crypt-ScryptKDF-0.003
River stage two • 7 direct dependents • 12 total dependents
/ Crypt::ScryptKDF

NAME

Crypt::ScryptKDF - Scrypt password based key derivation function

SYNOPSIS

###### creating raw scrypt-based derived key
use Crypt::ScryptKDF qw(scrypt_raw scrypt_hex scrypt_b64);
my $binary_buffer = scrypt_raw($password, $salt, $N, $r, $p, $len);
my $hexadecimal_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
my $base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);

#or
$key_binary = scrypt_raw($password);
$key_binary = scrypt_raw($password, $salt);
$key_binary = scrypt_raw($password, $N, $r, $p, $len);

#the same applies for
$key_hex = scrypt_hex($password);
$key_hex = scrypt_hex($password, $salt);
$key_hex = scrypt_hex($password, $N, $r, $p, $len);
$key_base64 = scrypt_b64($password);
$key_base64 = scrypt_b64($password, $salt);
$key_base64 = scrypt_b64($password, $N, $r, $p, $len);

###### creating / verifying scrypt-based password hash
use Crypt::ScryptKDF qw(scrypt_hash scrypt_hash_verify);

my $hash = scrypt_hash("secret password");
# .. later
die "Invalid password" unless scrypt_hash_verify("secret password", $hash);

#or by specifying Scrypt parameters
my $hash = scrypt_hash($password, $salt, $N, $r, $p, $len);
my $hash = scrypt_hash($password, $N, $r, $p, $len);
my $hash = scrypt_hash($password, $salt);

DESCRIPTION

Scrypt is a password-based key derivation function (like for example PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to make it expensive to perform large scale custom hardware attacks.

It can be used for:

  • deriving cryptographic keys from low-entropy password (like PBKDF2)

  • creating (+validating) password hashes (like PBKDF2 or Bcrypt)

More details about Scrypt: http://www.tarsnap.com/scrypt/scrypt.pdf and https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00

FUNCTIONS

  • scrypt_raw

    my $derived_key_raw_bytes = scrypt_raw($password, $salt, $N, $r, $p, $len);
#  $password - low-entropy secret (bytes)
#  $salt - random bytes (bytes)
#  $N - CPU/memory cost (has to be power of 2 and >1); DEFAULT: 2^14
#  $r - block size parameter; DEFAULT: 8
#  $p - parallelization parameter; DEFAULT: 1
#  $len - length of derived key; DEFAULT: 256bits
#returns:
#  derived key (raw bytes) of length $len

  • scrypt_hex

    Similar to scrypt_raw only the return value is encoded as hexadecimal value.

  • scrypt_b64

    Similar to scrypt_raw only the return value is BASE64 encoded.

  • scrypt_hash

    my $hash_string = scrypt_hash($password, $salt, $N, $r, $p, $len);
#  arguments same as scrypt_raw
#returns:
#  string with password hash (suitable for storing in DB) e.g.
#  'SCRYPT:16384:8:1:BK8jkrqgm3BEtMh/g+WGL+k8ZeoAo=:YsEnQWld4UK8EqRZ9JuGbQnnlkXaM='

  • scrypt_hash_verify

    my $is_valid = scrypt_hash_verify($password, $hash);
#  $password - password to be verified
#  $hash - hash previously created via scrypt_hash
#returns:
#  1 (ok) or 1 (fail)

COPYRIGHT

Copyright (c) 2013 DCIT, a.s. http://www.dcit.cz / Karel Miko