crypto: golang.org/x/crypto/scrypt Index | Examples | Files

package scrypt

import "golang.org/x/crypto/scrypt"

Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (https://www.tarsnap.com/scrypt/scrypt.pdf).

Code:

// DO NOT use this salt value; generate your own random salt. 8 bytes is
// a good length.
salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}

dk, err := scrypt.Key([]byte("some password"), salt, 1<<15, 8, 1, 32)
if err != nil {
    log.Fatal(err)
}
fmt.Println(base64.StdEncoding.EncodeToString(dk))

Output:

lGnMz8io0AUkfzn6Pls1qX20Vs7PGN6sbYQ2TQgY12M=

Index

Examples

Package Files

scrypt.go

func Key Uses

func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error)

Key derives a key from the password, salt, and cost parameters, returning a byte slice of length keyLen that can be used as cryptographic key.

N is a CPU/memory cost parameter, which must be a power of two greater than 1. r and p must satisfy r * p < 2³⁰. If the parameters do not satisfy the limits, the function returns a nil byte slice and an error.

For example, you can get a derived key for e.g. AES-256 (which needs a 32-byte key) by doing:

dk, err := scrypt.Key([]byte("some password"), salt, 16384, 8, 1, 32)

The recommended parameters for interactive logins as of 2017 are N=32768, r=8 and p=1. The parameters N, r, and p should be increased as memory latency and CPU parallelism increases; consider setting N to the highest power of 2 you can derive within 100 milliseconds. Remember to get a good random salt.

Package scrypt imports 3 packages (graph) and is imported by 285 packages. Updated 2017-10-21. Refresh now. Tools for package owners.