🔒 Node.JS scrypt password hashing algorithm following the PHC string format.
Coded with ❤️ by Simone Primarosa.
The PHC String Format is an attempt to specify a common hash string format that’s a restricted & well defined subset of the Modular Crypt Format. New hashes are strongly encouraged to adhere to the PHC specification, rather than the much looser Modular Crypt Format.
The hash strings generated by this package are in the following format:
```
$scrypt$ln=<cost>,r=<blocksize>,p=<parallelism>$<salt>$<hash>
```

Where:

Field | Type | Description |
---|---|---|
`<cost>` | number | The CPU/Memory cost parameter N encoded as log2(N). |
`<blocksize>` | number | The block size parameter r. |
`<parallelism>` | number | The parallelization parameter p. |
`<salt>` | string | A sequence of bits, known as a cryptographic salt encoded in B64. |
`<hash>` | string | The computed derived key by the scrypt algorithm encoded in B64. |

For more details consult the scrypt paper here.
```bash
npm install --save @phc/scrypt
```

```js
const scrypt = require('@phc/scrypt');

// hash() and verify() return promises, so await them inside an async function
(async () => {
  // Hash and verify with scrypt and default configs
  const hash = await scrypt.hash('password');
  // => $scrypt$ln=15,r=8,p=1$D/EEcdfcBkj4DQB3zlfsFQ$v9Xsag5AySIY78DFKslBzeRXCUfsLKCZ0Xm4Xwoh+J0

  const match = await scrypt.verify(hash, 'password');
  // => true

  const mismatch = await scrypt.verify(hash, 'wrong');
  // => false

  const ids = scrypt.identifiers();
  // => ['scrypt']
})();
```

Below you can find usage statistics of this hashing algorithm with different options.
This should help you understand how the different options affect the running time and memory usage of the algorithm.
Usage reports are generated thanks to sympact.
System Report ↴
Distro Release Platform Arch
-------- ------- -------- ----
Mac OS X 10.12.6 darwin x64
CPU Brand Clock Cores
------ -------------- -------- -----
Intel® Core™ i5-6360U 2.00 GHz 4
Memory Type Size Clock
---------------------- ------ ----------- --------
Micron Technology Inc. LPDDR3 4294.967 MB 1867 MHz
Micron Technology Inc. LPDDR3 4294.967 MB 1867 MHz
Default options - {cost:15, blocksize:8, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
8.30 % ± 3.80 % 0.70 % … 10.20 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
39.765 MB ± 15.420 MB 21.058 MB … 56.001 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.120 s 0.163 s 5 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.024 s 0.70 % 21.058 MB 23332
0.074 s 10.20 % 43.299 MB 23332
0.104 s 10.20 % 56.001 MB 23332
0.135 s 10.20 % 56.001 MB 23332
0.163 s 10.20 % 22.467 MB 23332
Cost of 10 - {cost:10, blocksize:8, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
0.60 % ± 0.00 % 0.60 % … 0.60 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
21.713 MB ± 0.602 MB 21.111 MB … 22.315 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.015 s 0.061 s 2 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.025 s 0.60 % 21.111 MB 23349
0.061 s 0.60 % 22.315 MB 23349
Cost of 14 - {cost:14, blocksize:8, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
1.00 % ± 0.00 % 1.00 % … 1.00 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
26.058 MB ± 7.145 MB 21.131 MB … 38.404 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.070 s 0.118 s 4 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.024 s 1.00 % 21.131 MB 23360
0.069 s 1.00 % 38.404 MB 23360
0.103 s 1.00 % 22.348 MB 23360
0.118 s 1.00 % 22.348 MB 23360
Cost of 16 - {cost:16, blocksize:8, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
27.03 % ± 18.50 % 0.60 % … 45.30 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
59.287 MB ± 29.023 MB 20.759 MB … 89.092 MB
Execution time Sampling time Samples
-------------- ------------- ----------
0.248 s 0.293 s 10 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.024 s 0.60 % 20.759 MB 23375
0.069 s 10.80 % 39.600 MB 23375
0.100 s 10.80 % 57.696 MB 23375
0.131 s 10.80 % 74.301 MB 23375
0.163 s 10.80 % 89.092 MB 23375
0.194 s 45.30 % 89.092 MB 23375
0.231 s 45.30 % 89.092 MB 23375
0.260 s 45.30 % 89.092 MB 23375
0.291 s 45.30 % 22.073 MB 23375
0.293 s 45.30 % 22.073 MB 23375
Cost of 18 - {cost:18, blocksize:8, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
68.16 % ± 28.64 % 0.70 % … 93.90 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
208.153 MB ± 96.535 MB 21.144 MB … 290.943 MB
Execution time Sampling time Samples
-------------- ------------- ----------
0.977 s 1.021 s 34 samples
Cost of 20 - {cost:20, blocksize:8, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
91.21 % ± 19.32 % 0.90 % … 100.00 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
804.252 MB ± 357.670 MB 20.914 MB … 1095.913 MB
Execution time Sampling time Samples
-------------- ------------- -----------
3.991 s 4.032 s 132 samples
Blocksize of 9 - {cost:15, blocksize:9, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
14.20 % ± 9.62 % 0.60 % … 21.00 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
37.687 MB ± 17.146 MB 20.775 MB … 59.740 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.137 s 0.183 s 6 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.024 s 0.60 % 20.775 MB 23748
0.072 s 0.60 % 41.751 MB 23748
0.104 s 21.00 % 59.740 MB 23748
0.136 s 21.00 % 59.740 MB 23748
0.169 s 21.00 % 22.057 MB 23748
0.183 s 21.00 % 22.057 MB 23748
Blocksize of 10 - {cost:15, blocksize:10, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
16.46 % ± 16.87 % 0.60 % … 42.90 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
41.805 MB ± 18.883 MB 20.660 MB … 64.053 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.149 s 0.2 s 7 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.024 s 0.60 % 20.660 MB 23767
0.072 s 7.20 % 40.935 MB 23767
0.103 s 7.20 % 58.663 MB 23767
0.133 s 7.20 % 64.053 MB 23767
0.164 s 7.20 % 64.053 MB 23767
0.198 s 42.90 % 22.135 MB 23767
0.200 s 42.90 % 22.135 MB 23767
Blocksize of 11 - {cost:15, blocksize:11, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
18.80 % ± 15.24 % 1.20 % … 32.00 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
43.562 MB ± 20.569 MB 20.746 MB … 68.104 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.160 s 0.206 s 7 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.023 s 1.20 % 20.746 MB 23788
0.072 s 1.20 % 42.975 MB 23788
0.103 s 1.20 % 61.026 MB 23788
0.134 s 32.00 % 68.104 MB 23788
0.164 s 32.00 % 68.104 MB 23788
0.198 s 32.00 % 21.987 MB 23788
0.206 s 32.00 % 21.987 MB 23788
Blocksize of 12 - {cost:15, blocksize:12, parallelism:1} ↴
CPU Usage (avarage ± σ) CPU Usage Range (min … max)
----------------------- ---------------------------
22.75 % ± 16.29 % 0.60 % … 46.60 %
RAM Usage (avarage ± σ) RAM Usage Range (min … max)
----------------------- ---------------------------
47.866 MB ± 22.444 MB 21.070 MB … 72.593 MB
Execution time Sampling time Samples
-------------- ------------- ---------
0.180 s 0.234 s 8 samples
Instant CPU Usage RAM Usage PIDS
------- --------- --------- -----
0.025 s 0.60 % 21.070 MB 23809
0.072 s 0.60 % 40.772 MB 23809
0.103 s 21.90 % 58.741 MB 23809
0.135 s 21.90 % 72.593 MB 23809
0.164 s 21.90 % 72.593 MB 23809
0.195 s 21.90 % 72.593 MB 23809
0.232 s 46.60 % 22.282 MB 23809
0.234 s 46.60 % 22.282 MB 23809
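
The reports above put cost 20 at 3.991 s and about 1.1 GB per hash, so code that verifies a stored PHC string should bound the parameters it reads back before deriving anything. The following is an added example, not code from @phc/scrypt: it parses and verifies the `$scrypt$` layout with Node's built-in `crypto` module. The names `parsePhc`, `hashPhc`, `verifyPhc` and the `POLICY` bounds are assumptions for illustration, and the 16-byte salt and 32-byte key are inferred from the sample hash string.

```javascript
// Added example (not @phc/scrypt source): PHC scrypt strings with node:crypto only.
const nodeCrypto = require('node:crypto');

// Assumed policy for this sketch: accepted ln range and ceilings for r and p.
const POLICY = { minLn: 15, maxLn: 17, maxR: 16, maxP: 4 };
const PHC_RE =
  /^\$scrypt\$ln=(\d{1,2}),r=(\d{1,3}),p=(\d{1,3})\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$/;

// PHC B64 is standard base64 without '=' padding.
const b64 = (buf) => buf.toString('base64').replace(/=+$/, '');

function parsePhc(phcstr) {
  const m = PHC_RE.exec(phcstr);
  if (!m) throw new Error('not a $scrypt$ PHC string');
  const [ln, r, p] = m.slice(1, 4).map(Number);
  const salt = Buffer.from(m[4], 'base64');
  const hash = Buffer.from(m[5], 'base64');
  // A truncated hash field would make the comparison trivially true; reject it.
  if (salt.length < 8 || hash.length < 16) throw new Error('salt or hash too short');
  return { ln, r, p, salt, hash };
}

function derive(password, salt, { ln, r, p }, keylen) {
  const N = 2 ** ln;
  // Working memory is roughly 128*r*(N+p+2) bytes; Node rejects calls above maxmem.
  const maxmem = 128 * r * (N + p + 2) + 1024;
  return nodeCrypto.scryptSync(password, salt, keylen, { N, r, p, maxmem });
}

function hashPhc(password, { ln = 15, r = 8, p = 1 } = {}) {
  const salt = nodeCrypto.randomBytes(16);
  const hash = derive(password, salt, { ln, r, p }, 32);
  return `$scrypt$ln=${ln},r=${r},p=${p}$${b64(salt)}$${b64(hash)}`;
}

function verifyPhc(phcstr, password, policy = POLICY) {
  const rec = parsePhc(phcstr);
  // Check stored parameters against the ceiling before spending CPU and RAM.
  if (rec.ln > policy.maxLn || rec.r > policy.maxR || rec.p > policy.maxP) {
    throw new RangeError('scrypt parameters exceed policy ceiling');
  }
  const candidate = derive(password, rec.salt, rec, rec.hash.length);
  const ok = nodeCrypto.timingSafeEqual(candidate, rec.hash);
  // A correct password on a record below the floor should be re-hashed.
  return { ok, needsRehash: ok && rec.ln < policy.minLn };
}
```

When `needsRehash` is true, store a fresh `hashPhc(password)` result in place of the old record while the plaintext is still in hand.
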
The scrypt paper lists four test vectors for testing implementations.
This package implements them here.
- `hash(password, [options])` ⇒ `Promise.<string>`
  Computes the hash string of the given password in the PHC format using the scrypt package.
- `verify(phcstr, password)` ⇒ `Promise.<boolean>`
  Determines whether or not the hash stored inside the PHC formatted string matches the hash generated for the password provided.
- `identifiers()` ⇒ `Array.<string>`
  Gets the list of all identifiers supported by this hashing function.

`hash(password, [options])` ⇒ `Promise.<string>`

Computes the hash string of the given password in the PHC format using the scrypt package.

Kind: global function
Returns: `Promise.<string>` - The generated secure hash string in the PHC format.
Access: public

Param | Type | Default | Description |
---|---|---|---|
password | string | | The password to hash. |
[options] | Object | | Optional configurations related to the hashing function. |
[options.blocksize] | number | 8 | Optional amount of memory to use in kibibytes. Must be an integer within the range (8 <= memory <= 2^32-1 ). |
[options.cost] | number | 15 | Optional CPU/memory cost parameter. Must be an integer power of 2 within the range (2 <= cost <= 2^((128 * blocksize) / 8) - 1 ). |
[options.parallelism] | number | 1 | Optional degree of parallelism to use. Must be an integer within the range (1 <= parallelism <= ((2^32-1) * 32) / (128 * blocksize) ). |

`verify(phcstr, password)` ⇒ `Promise.<boolean>`

Determines whether or not the hash stored inside the PHC formatted string matches the hash generated for the password provided.

Kind: global function
Returns: `Promise.<boolean>` - A boolean that is true if the hash computed for the password matches.
Access: public

Param | Type | Description |
---|---|---|
phcstr | string | Secure hash string generated from this package. |
password | string | User's password input. |

`identifiers()` ⇒ `Array.<string>`

Gets the list of all identifiers supported by this hashing function.

Kind: global function
Returns: `Array.<string>` - A list of identifiers supported by this hashing function.
Access: public

- @phc/argon2 - 🔒 Node.JS Argon2 password hashing algorithm following the PHC string format.
- @phc/bcrypt - 🔒 Node.JS bcrypt password hashing algorithm following the PHC string format.
- @phc/pbkdf2 - 🔒 Node.JS PBKDF2 password hashing algorithm following the PHC string format.
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE report it.
- Simone Primarosa - Github (@simonepri) • Twitter (@simoneprimarosa)
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the license file for details.