I was thinking for some time about whether I should post this question here or at crypto.stackexchange.com. I think the question is more related to implementation than to theory, so here we go:

I have decided to use scrypt as the password hashing method for my future backends. Some of my backends are written in Perl, so I plan to use Crypt::ScryptKDF.

It is quite clear how to use it, but one question is left: scrypt is (to the best of my knowledge) more a key derivation function than a hashing function. So how is the hashing actually done?

Does it just encrypt the (salted) input string (e.g. a password) with the key which it has derived from the same (salted) input string (password), or is there more to it?

Binarus
  • There's a pdf linked to in the module documentation that explains the algorithm... – Shawn Sep 23 '18 at 03:47
  • @Shawn I have seen this paper and a few other articles, but they all (as far as I have understood) only explain how the password is transformed into a key. They do not explain how that key usually is used to produce the final hash from a password. As far as I have understood, the key which is produced by `scrypt` usually is *not* used directly as the password hash. I would be happy if you would correct me if I am wrong. – Binarus Sep 23 '18 at 08:39
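
Added example, not part of the original question or its comments: in common password-hashing use, the bytes that scrypt derives are themselves stored as the verifier, together with the salt and cost parameters, and a login attempt is checked by re-deriving and comparing; no encryption step is involved. The sketch uses Python's `hashlib.scrypt` rather than Crypt::ScryptKDF, and the record layout, function names and cost parameters are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Cost parameters and output length are assumptions chosen for this example.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # upper bound on scrypt memory, also caps stored N/r


def _derive(password, salt, n, r, p, dklen):
    # scrypt maps (password, salt, cost) to dklen pseudorandom bytes.
    # Nothing is encrypted with that output: the bytes are the stored verifier.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=MAXMEM, dklen=dklen)


def hash_password(password, salt=None):
    """Return a self-describing record: scheme, cost, salt, derived key."""
    salt = os.urandom(16) if salt is None else salt
    dk = _derive(password, salt, N, R, P, DKLEN)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    # Record layout is constructed for this example, not a standard format.
    return f"scrypt-example${N}${R}${P}${b64(salt)}${b64(dk)}"


def verify_password(password, record):
    """Re-derive with the stored salt and cost, compare in constant time."""
    try:
        scheme, n, r, p, salt_b64, dk_b64 = record.split("$")
        if scheme != "scrypt-example":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        candidate = _derive(password, salt, int(n), int(r), int(p), len(expected))
    except (ValueError, OverflowError):
        return False  # malformed record or unacceptable cost parameters
    return hmac.compare_digest(candidate, expected)
```

Because the salt and cost parameters travel with the record, the parameters can be raised for new passwords later without invalidating the records already stored.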

0 Answers