==== Select the correct Scrypt parameters

If scrypt must be used, the default values of scrypt are considered secure.

Like Argon2id, scrypt has three different parameters that can be configured. N is the CPU/memory cost parameter and must be a power of two. r is the block size and p is the parallelization factor.

All three parameters affect the memory and CPU usage of the algorithm.
Higher values of N, r and p result in safer hashes, but come at the cost of higher resource usage.

For scrypt, OWASP recommends a hash length of at least 64 bytes, and setting N, p and r to the values of one of the following rows:

[options="header",cols="a,a,a"]
|===
|N (cost parameter) |p (parallelization factor) |r (block size)
|2^17^ (`1 << 17`)
|1
|8
|2^16^ (`1 << 16`)
|2
|8
|2^15^ (`1 << 15`)
|3
|8
|2^14^ (`1 << 14`)
|5
|8
|2^13^ (`1 << 13`)
|10
|8
|===

Every row provides the same level of defense. They only differ in the amount of CPU and RAM used: the top row has low CPU usage and high memory usage, while the bottom row has high CPU usage and low memory usage.
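The following Python sketch is an added example, not code from the original page: it computes the size of scrypt's main working array (128 * N * r bytes) for each row of the table and hashes a password with one of them. The function names, the 16-byte salt and the `maxmem` headroom factor are assumptions of this example. `maxmem` is set explicitly because OpenSSL's default limit of 32 MiB rejects the rows with the largest N.

```python
import hashlib
import hmac
import os

# (N, p, r) rows copied from the table above.
OWASP_ROWS = [(1 << 17, 1, 8), (1 << 16, 2, 8), (1 << 15, 3, 8),
              (1 << 14, 5, 8), (1 << 13, 10, 8)]
DKLEN = 64  # hash length recommended above, in bytes


def memory_bytes(n, r):
    """Size of scrypt's main working array: 128 * N * r bytes."""
    return 128 * n * r


def check_params(n, p, r):
    """Reject an N that is not a power of two, and (this example's policy)
    any combination that is not one of the rows in the table."""
    if n < 2 or n & (n - 1):
        raise ValueError("N must be a power of two")
    if (n, p, r) not in OWASP_ROWS:
        raise ValueError("(N, p, r) is not one of the recommended rows")


def hash_password(password, n, p, r, salt=None):
    """Return (salt, 64-byte scrypt hash) for the given table row."""
    check_params(n, p, r)
    if salt is None:
        salt = os.urandom(16)  # salt length is an assumption of this example
    # Twice the working array leaves headroom for scrypt's smaller buffers.
    digest = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                            maxmem=2 * memory_bytes(n, r), dklen=DKLEN)
    return salt, digest


def verify_password(password, salt, expected, n, p, r):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, digest = hash_password(password, n, p, r, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    for n, p, r in OWASP_ROWS:
        print(f"N=2^{n.bit_length() - 1} p={p:<2} r={r}: "
              f"{memory_bytes(n, r) >> 20} MiB working array")
```

The parameters and the salt have to be stored next to the hash, because verification must rerun scrypt with exactly the same values.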