==== Select the correct Scrypt parameters

If scrypt must be used, the default values of scrypt are considered secure.

Like Argon2id, scrypt has three different parameters that can be configured. N is the CPU/memory cost parameter and must be a power of two. r is the block size and p is the parallelization factor.
	
All three parameters affect the memory and CPU usage of the algorithm.
Higher values of N, r and p result in safer hashes, but come at the cost of higher resource usage.

For scrypt, OWASP recommends to have a hash length of at least 64 bytes, and to set N, p and r to the values of one of the following rows:

[options="header",cols="a,a,a"]
|===
|N (cost parameter) |p (parallelization factor) |r (block size)
|2^17^ (`1 << 17`)
|1
|8
|2^16^ (`1 << 16`)
|2
|8 
|2^15^ (`1 << 15`)
|3
|8 
|2^14^ (`1 << 14`)
|5
|8
|2^13^ (`1 << 13`)
|10
|8
|===

Every row provides the same level of defense. They only differ in the amount of CPU and RAM used: the top row has low CPU usage and high memory usage, while the bottom row has high CPU usage and low memory usage.