scrypt

Scrypt is a password-based key derivation function that was published in 2010 by Colin Percival. Its development was motivated by the vulnerability of existing key derivation functions such as bcrypt and PBKDF2 to brute-force and dictionary attacks carried out with specialized hardware.

Background

Passwords themselves are not suitable as cryptographic keys. A simple hash of the password prevents the password from being calculated back from the hash value, but it does not protect against dictionary attacks, brute-force attacks and rainbow tables. Password-based key derivation functions additionally incorporate a random value, the salt, into the key computation and deliberately increase the cost of computing a key, which makes it hard to try out many candidates.

Unlike other key derivation functions, scrypt does not measure computational cost in pure computation time alone. Instead, scrypt also deliberately raises the cost of the hardware needed to break a password within a given time (dollar-seconds). This paradigm shift stems from the fact that specialized hardware such as FPGAs and GPUs can dramatically reduce the real computation time needed to break a password (custom hardware attack). The slowdown that bcrypt and PBKDF2 aim for through the number of hash operations (iterations) can be compensated for by parallelizing the attack on special hardware. Such parallelization cannot be prevented in principle. Scrypt exploits the fact that memory is relatively expensive: it requires a vector of (by default) 16 MB and so drives up the cost of using specialized hardware. This idea already underlay the key derivation function HEKS, but scrypt extends it with sequentiality.

History

Scrypt was developed by Colin Percival for the company Tarsnap and presented in May 2009 at the BSD Conference. By 2012, a draft of scrypt had been published by the IETF as an Internet Draft.

Description

Scrypt is regarded as sequential memory-hard. In the ROMix function, a vector is filled with values of the Salsa20/8 function, a version of the Salsa20 stream cipher shortened to eight rounds. The vector is then accessed in a pseudo-random manner, which ensures that the whole vector has to be kept in memory, or else the computation time increases drastically. Scrypt allows the CPU cost (computation time) and the memory cost to be parameterized, and it also has a parallelization parameter.
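The construction described above, written out as an added Python example; it is not code from the original article or from Percival's reference implementation. The function names are chosen here, and N = 2^14 with r = 8 is assumed as the parameter set behind the 16 MB figure.

```python
import hashlib
import struct

QR = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),   # columns
      (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]   # rows

def _rotl(v, n):
    v &= 0xFFFFFFFF
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF

def salsa20_8(block):  # Salsa20 core cut to 8 rounds, on one 64-byte block
    x = list(struct.unpack("<16I", block))
    orig = x[:]
    for _ in range(4):  # 4 double rounds = 8 rounds
        for a, b, c, d in QR:
            x[b] ^= _rotl(x[a] + x[d], 7)
            x[c] ^= _rotl(x[b] + x[a], 9)
            x[d] ^= _rotl(x[c] + x[b], 13)
            x[a] ^= _rotl(x[d] + x[c], 18)
    return struct.pack("<16I", *((i + j) & 0xFFFFFFFF for i, j in zip(x, orig)))

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def block_mix(B):  # chain Salsa20/8 over 64-byte sub-blocks, interleave even/odd
    X, Y = B[-64:], []
    for i in range(0, len(B), 64):
        X = salsa20_8(_xor(X, B[i:i + 64]))
        Y.append(X)
    return b"".join(Y[0::2] + Y[1::2])

def ro_mix(B, N):
    V, X = [], B
    for _ in range(N):  # phase 1: fill the vector, each entry depends on the last
        V.append(X)
        X = block_mix(X)
    for _ in range(N):  # phase 2: index j depends on password-derived state
        j = int.from_bytes(X[-64:], "little") % N
        X = block_mix(_xor(X, V[j]))
    return X

def scrypt(password, salt, N, r, p, dklen):
    size = 128 * r  # bytes per ROMix lane; p lanes are independent
    B = hashlib.pbkdf2_hmac("sha256", password, salt, 1, p * size)
    mixed = b"".join(ro_mix(B[i:i + size], N) for i in range(0, len(B), size))
    return hashlib.pbkdf2_hmac("sha256", password, mixed, 1, dklen)

def vector_bytes(N, r):  # memory held by V: N entries of 128*r bytes
    return 128 * N * r
```

This pure-Python version is for reading the structure only; production code should call a vetted implementation such as `hashlib.scrypt`.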

Security

Scrypt is relatively new and untested, but is considered an alternative to bcrypt and PBKDF2. Since the security of password-based key derivation functions is measured primarily by their protection against dictionary and brute-force attacks, the obvious vulnerability of other functions motivates the use of relatively new functions such as scrypt. In 2013, a theoretical vulnerability of scrypt to a side-channel attack through cache timing was published. The password-dependent differences in access times to the memory vector in the later iterations of scrypt may under certain circumstances be used to sieve out password candidates (cache-timing attack). The authors point out that such an attack on scrypt is currently only theoretical.
