Crypt::ScryptKDF - Scrypt password based key derivation function


Creating / verifying scrypt-based password hash:

 use Crypt::ScryptKDF qw(scrypt_hash scrypt_hash_verify);

 my $hash1 = scrypt_hash("secret password");
 # .. later
 die "Invalid password" unless scrypt_hash_verify("secret password", $hash1);

 #or by specifying Scrypt parameters
 my $hash2 = scrypt_hash("secret password", \32, 16384, 8, 1, 32);
 # .. later
 die "Invalid password" unless scrypt_hash_verify("secret password", $hash2);

Creating raw scrypt-based derived key:

 use Crypt::ScryptKDF qw(scrypt_raw scrypt_hex scrypt_b64);

 my $binary_buffer = scrypt_raw($password, $salt, $N, $r, $p, $len);
 my $hexadecimal_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
 my $base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);


Scrypt is a password-based key derivation function (like for example PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to make it expensive to perform large scale custom hardware attacks.

It can be used for:

  • deriving cryptographic keys from low-entropy password (like PBKDF2)

  • creating (+validating) password hashes (like PBKDF2 or Bcrypt)

More details about Scrypt: and

IMPORTANT: This module needs a cryptographically strong random number generator. It tries to use one of the following:


  • scrypt_raw

    Derive a key from given password and salt (+ optional params).

     my $derived_key_raw_bytes = scrypt_raw($password, $salt, $N, $r, $p, $len);
     my $derived_key_raw_bytes = scrypt_raw($password, $salt);
     #  $password - low-entropy secret (bytes)
     #  $salt - raw octects (bytes) with a salt
     #  $N - CPU/memory cost (has to be power of 2 and >1) DEFAULT: 2^14 = 16384
     #  $r - block size parameter                          DEFAULT: 8
     #  $p - parallelization parameter                     DEFAULT: 1
     #  $len - length of derived key (in bytes)            DEFAULT: 32
     #  $derived_key .. raw bytes of length $len
  • scrypt_hex

    Similar to scrypt_raw only the return value is encoded as hexadecimal value.

     my $derived_key_hex_string = scrypt_hex($password, $salt, $N, $r, $p, $len);
     my $derived_key_hex_string = scrypt_hex($password, $salt);
  • scrypt_b64

    Similar to scrypt_raw only the return value is BASE64 encoded.

     my $derived_key_base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len);
     my $derived_key_base64_string = scrypt_b64($password, $salt);
  • scrypt_hash

    Create a password hash for given password.

     my $hash = scrypt_hash($password, $salt, $N, $r, $p, $len);
     #  params same as by scrypt_raw, the $salt can also be a scalar ref with salt
     #  length e.g. $salt=\24 means that salt will be 24 randomly generated bytes
     #  string with password hash (suitable for storing in DB) e.g.
     #  'SCRYPT:16384:8:1:BK8jkrqgm3BEtMh/g+WGL+k8ZeoAo=:YsEnQWld4UK8EqRZ9JuGbQnnlkXaM='

    Some of the parameters are optional:

     # 1 arg variant
     my $hash = scrypt_hash($password); # generate random salt (32 bytes)
     # 2 args variant
     my $hash = scrypt_hash($password, $salt); # use given $salt
     my $hash = scrypt_hash($password, \20);   # generate random salt (20 bytes)
     # 5 args variant
     my $hash = scrypt_hash($password, $N, $r, $p, $len); # random salt (32 bytes)
  • scrypt_hash_verify

    Verify a password hash created with scrypt_hash()

     my $is_valid = scrypt_hash_verify($password, $hash);
     #  $password - password to be verified
     #  $hash - hash previously created via scrypt_hash
     #  1 (ok) or 0 (fail)
  • random_bytes

    Generate random bytes of given length.

     my $salt = random_bytes($len);
     #  $len - number of random bytes
     #  $len random octets


This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.


Copyright (c) 2013-2015 DCIT, a.s. / Karel Miko