Skip to main content
function scrypt(
   _passwd, 
   _salt, 
   N, 
   r, 
   p, 
   dkLen, 
progress?): Promise<string>
The scrypt PBKDF uses a memory and cpu hard method of derivation to increase the resource cost to brute-force a password for a given key. This means this algorithm is intentionally slow, and can be tuned to become slower. As computation and memory speed improve over time, increasing the difficulty maintains the cost of an attacker. For example, if a target time of 5 seconds is used, a legitimate user which knows their password requires only 5 seconds to unlock their account. A 6 character password has 68 billion possibilities, which would require an attacker to invest over 10,000 years of CPU time. This is of course a crude example (as password generally aren’t random), but demonstrates to value of imposing large costs to decryption. For this reason, if building a UI which involved decrypting or encrypting datsa using scrypt, it is recommended to use a ProgressCallback (as event short periods can seem lik an eternity if the UI freezes). Including the phrase //“decrypting”// in the UI can also help, assuring the user their waiting is for a good reason.

Parameters

ParameterTypeDescription
_passwdBytesLikeThe password to use.
_saltBytesLikeThe salt to use.
NnumberThe CPU/memory cost parameter.
rnumberThe block size parameter.
pnumberThe parallelization parameter.
dkLennumberThe length of the key to generate.
progress?ProgressCallbackA callback to update the progress.

Returns

Promise<string> The key derived from the password.

Example

// The password must be converted to bytes, and it is generally
// best practices to ensure the string has been normalized. Many
// formats explicitly indicate the normalization form to use.
password = 'hello';
passwordBytes = toUtf8Bytes(password, 'NFKC');

salt = id('some-salt');

// Compute the scrypt
scrypt(passwordBytes, salt, 1024, 8, 1, 16);

Source

crypto/scrypt.ts:88