1SCRYPT(7)                           OpenSSL                          SCRYPT(7)
2
3
4

NAME

6       scrypt - EVP_PKEY scrypt KDF support
7

DESCRIPTION

9       The EVP_PKEY_SCRYPT algorithm implements the scrypt password based key
10       derivation function, as described in RFC 7914.  It is memory-hard in
11       the sense that it deliberately requires a significant amount of RAM for
12       efficient computation. The intention of this is to render brute forcing
13       of passwords on systems that lack large amounts of main memory (such as
14       GPUs or ASICs) computationally infeasible.
15
16       scrypt provides three work factors that can be customized: N, r and p.
17       N, which has to be a positive power of two, is the general work factor
18       and scales CPU time in an approximately linear fashion. r is the block
19       size of the internally used hash function and p is the parallelization
20       factor. Both r and p need to be greater than zero. The amount of RAM
21       that scrypt requires for its computation is roughly (128 * N * r * p)
22       bytes.
23
24       In the original paper of Colin Percival ("Stronger Key Derivation via
25       Sequential Memory-Hard Functions", 2009), the suggested values that
26       give a computation time of less than 5 seconds on a 2.5 GHz Intel Core
27       2 Duo are N = 2^20 = 1048576, r = 8, p = 1. Consequently, the required
28       amount of memory for this computation is roughly 1 GiB. On a more
29       recent CPU (Intel i7-5930K at 3.5 GHz), this computation takes about 3
30       seconds. When N, r or p are not specified, they default to 1048576, 8,
31       and 1, respectively. The default amount of RAM that may be used by
32       scrypt defaults to 1025 MiB.
33

NOTES

35       A context for scrypt can be obtained by calling:
36
37        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
38
39       The output length of an scrypt key derivation is specified via the
40       length parameter to the EVP_PKEY_derive(3) function.
41

EXAMPLE

43       This example derives a 64-byte long test vector using scrypt using the
44       password "password", salt "NaCl" and N = 1024, r = 8, p = 16.
45
46        EVP_PKEY_CTX *pctx;
47        unsigned char out[64];
48
49        size_t outlen = sizeof(out);
50        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL);
51
52        if (EVP_PKEY_derive_init(pctx) <= 0) {
53            error("EVP_PKEY_derive_init");
54        }
55        if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
56            error("EVP_PKEY_CTX_set1_pbe_pass");
57        }
58        if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
59            error("EVP_PKEY_CTX_set1_scrypt_salt");
60        }
61        if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
62            error("EVP_PKEY_CTX_set_scrypt_N");
63        }
64        if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
65            error("EVP_PKEY_CTX_set_scrypt_r");
66        }
67        if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
68            error("EVP_PKEY_CTX_set_scrypt_p");
69        }
70        if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
71            error("EVP_PKEY_derive");
72        }
73
74        {
75            const unsigned char expected[sizeof(out)] = {
76                0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
77                0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
78                0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
79                0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
80                0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
81                0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
82                0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
83                0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
84            };
85
86            assert(!memcmp(out, expected, sizeof(out)));
87        }
88
89        EVP_PKEY_CTX_free(pctx);
90

CONFORMING TO

92       RFC 7914
93

SEE ALSO

95       EVP_PKEY_CTX_set1_scrypt_salt(3), EVP_PKEY_CTX_set_scrypt_N(3),
96       EVP_PKEY_CTX_set_scrypt_r(3), EVP_PKEY_CTX_set_scrypt_p(3),
97       EVP_PKEY_CTX_set_scrypt_maxmem_bytes(3), EVP_PKEY_CTX_new(3),
98       EVP_PKEY_CTX_ctrl_str(3), EVP_PKEY_derive(3)
99
101       Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
102
103       Licensed under the OpenSSL license (the "License").  You may not use
104       this file except in compliance with the License.  You can obtain a copy
105       in the file LICENSE in the source distribution or at
106       <https://www.openssl.org/source/license.html>.
107
108
109
1101.1.1c                            2019-05-28                         SCRYPT(7)
Impressum