Authen::Passphrase::Scrypt - passphrases using Tarsnap's scrypt algorithm


  use Authen::Passphrase::Scrypt;

  # Hash a password
  my $sc = Authen::Passphrase::Scrypt->new(
      passphrase => 'correcthorsebatterystaple'
  my $hash = $sc->as_rfc2307;
  say "The given password hashes to $hash";

  # Verify a password
  $sc = Authen::Passphrase::Scrypt->from_rfc2307($hash);
  say 'The password was "correcthorsebatterystaple"'
      if $sc->match('correcthorsebatterystaple');
  say 'The password was "xkcd"' if $sc->match('xkcd');

  # Advanced hashing
  my $sc = Authen::Passphrase::Scrypt->new(
      passphrase => 'xkcd',
      logN       => 14, # General work factor
      r          => 16, # Memory work factor
      p          => 1,  # CPU (parallellism) work factor
      salt       => 'SodiumChloride && sODIUMcHLORIDE', # Must be 32 bytes
  say 'The given password now hashes to ', $sc->as_rfc2307;


This is experimental code, DO NOT USE in security-critical software.

Scrypt is a key derivation function that was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

Authen::Passphrase::Scrypt is a module for hashing and verifying passphrases using scrypt. It offers the same interface as Authen::Passphrase. It is not however possible to use this module from within Authen::Passphrase. The methods are:


Creates a new Authen::Passphrase::Scrypt from a given passphrase and parameters. Use this to hash a passphrase. This function takes either a key value list or a hashref. The arguments are:


The passphrase. Mandatory.


The general work factor (affects both CPU and memory cost). Defaults to 14


The blocksize (affects memory cost). Defaults to 16.


The parallelization factor (affects CPU cost). Defaults to 1.


A 32-byte string used as a salt. By default it is randomly generated using Data::Entropy.

All of the parameters change the result of the hash. They are all stored in the hash, so there is no need to store them separately (or provide them to the hash verification methods).

It is normally sufficient to only use the logN parameter to control the speed of scrypt. r and p are intended to be used only for fine-tuning: if scrypt uses too much memory but not enough CPU, decrease logN and increase p; if scrypt uses too much CPU but not enough memory, decrease logN and increase r.

Note that 2^logN must fit in 64 bits and r * p < 2^30.


Returns the hash of the passphrase, in RFC2307 format. This is "{SCRYPT}" followed by the base64-encoded 96-byte result described here:


Creates a new Authen::Passphrase::Scrypt from a hash in RFC2307 format. Use this to verify if a passphrase matches a hash.


Returns true if the given passphrase matches the hash, false otherwise.


These functions both croak. They are provided for compatibility with the Authen::Passphrase interface.




Marius Gavrilescu, <>


Copyright (C) 2017-2018 by Marius Gavrilescu

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.24.1 or, at your option, any later version of Perl 5 you may have available.