As I understand the maximum time parameter:
data = scrypt.encrypt('MESSAGE', 'password', maxtime=0.1)
Means python will hash for that amount of time.
However, I can go down as low as .76 and it will still decrypt
scrypt.decrypt(data, 'password', maxtime=0.076)
What's the cause for this? Why don't I need a decrypt maxtime = encrypt maxtime?
You dont, but it is recommended that you set it at least 0.5 to interfere with brute force attacks on your passwords. maxtime is not only the maximum time, but the minimum time too. If you set max time too low, the library will not have enough time to decrypt it. I'd stick with the higher values.
scrypt explains some of it
