Crypt::ScryptKDF - Scrypt password based key derivation function
###### creating raw scrypt-based derived key use Crypt::ScryptKDF qw(scrypt_raw scrypt_hex scrypt_b64); my $binary_buffer = scrypt_raw($password, $salt, $N, $r, $p, $len); my $hexadecimal_string = scrypt_hex($password, $salt, $N, $r, $p, $len); my $base64_string = scrypt_b64($password, $salt, $N, $r, $p, $len); #or $key_binary = scrypt_raw($password); $key_binary = scrypt_raw($password, $salt); $key_binary = scrypt_raw($password, $N, $r, $p, $len); #the same applies for $key_hex = scrypt_hex($password); $key_hex = scrypt_hex($password, $salt); $key_hex = scrypt_hex($password, $N, $r, $p, $len); $key_base64 = scrypt_b64($password); $key_base64 = scrypt_b64($password, $salt); $key_base64 = scrypt_b64($password, $N, $r, $p, $len); ###### creating / verifying scrypt-based password hash use Crypt::ScryptKDF qw(scrypt_hash scrypt_hash_verify random_bytes); my $hash = scrypt_hash("secret password"); # .. later die "Invalid password" unless scrypt_hash_verify("secret password", $hash); #or by specifying Scrypt parameters my $salt = random_bytes(32); my $hash = scrypt_hash($password, $salt, $N, $r, $p, $len); my $hash = scrypt_hash($password, $N, $r, $p, $len); my $hash = scrypt_hash($password, $salt);
Scrypt is a password-based key derivation function (like for example PBKDF2). Scrypt was designed to be "memory-hard" algorithm in order to make it expensive to perform large scale custom hardware attacks.
It can be used for:
deriving cryptographic keys from low-entropy password (like PBKDF2)
creating (+validating) password hashes (like PBKDF2 or Bcrypt)
More details about Scrypt: http://www.tarsnap.com/scrypt/scrypt.pdf and https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00
IMPORTANT: This module needs a cryptographically strong random number generator. It tries to use one of the following:
Crypt::OpenSSL::Random - random_bytes()
Net::SSLeay - RAND_bytes()
Crypt::Random - makerandom_octet()
Bytes::Random::Secure - random_bytes()
As an unsecure fallback it uses built-in rand()
scrypt_raw
my $derived_key_raw_bytes = scrypt_raw($password, $salt, $N, $r, $p, $len); # $password - low-entropy secret (bytes) # $salt - random bytes (bytes) # $N - CPU/memory cost (has to be power of 2 and >1); DEFAULT: 2^14 # $r - block size parameter; DEFAULT: 8 # $p - parallelization parameter; DEFAULT: 1 # $len - length of derived key (in bytes); DEFAULT: 32 #returns: # derived key (raw bytes) of length $len
scrypt_hex
Similar to scrypt_raw only the return value is encoded as hexadecimal value.
scrypt_b64
Similar to scrypt_raw only the return value is BASE64 encoded.
scrypt_hash
my $hash_string = scrypt_hash($password, $salt, $N, $r, $p, $len); # arguments same as scrypt_raw #returns: # string with password hash (suitable for storing in DB) e.g. # 'SCRYPT:16384:8:1:BK8jkrqgm3BEtMh/g+WGL+k8ZeoAo=:YsEnQWld4UK8EqRZ9JuGbQnnlkXaM='
scrypt_hash_verify
my $is_valid = scrypt_hash_verify($password, $hash); # $password - password to be verified # $hash - hash previously created via scrypt_hash #returns: # 1 (ok) or 0 (fail)
random_bytes
my $salt = random_bytes($len); # $len - number of ramdom bytes #returns: # $len random octets
Copyright (c) 2013 DCIT, a.s. http://www.dcit.cz / Karel Miko
To install Crypt::ScryptKDF, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Crypt::ScryptKDF
CPAN shell
perl -MCPAN -e shell install Crypt::ScryptKDF
For more information on module installation, please visit the detailed CPAN module installation guide.