scrypt is a password-based key derivation function designed to be both computationally and memory-intensive, making it resistant to brute-force attacks using specialized hardware like GPUs and ASICs.
scrypt requires a large amount of memory to compute, which is expensive to implement in parallel on GPUs or custom hardware. It uses a memory-hard algorithm that mixes data in a large memory buffer.
scrypt(password, salt, N, r, p, keyLen)
N: CPU/memory cost parameter (power of 2, e.g., 2^14)
r: Block size parameter (typically 8)
p: Parallelization parameter (typically 1)
Memory usage ≈ 128 * N * r bytes
Time ≈ proportional to N * r * p# Python
import hashlib
password = b"secretpassword"
salt = os.urandom(16)
# Derive key using scrypt
derived_key = hashlib.scrypt(
password,
salt=salt,
n=16384, # 2^14
r=8,
p=1,
dklen=32
)