Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Scrypt

1 min read
Pronunciation
[ess-kript]
Analogy
If PBKDF2 makes an attacker do many push-ups (CPU work) for each password guess, Scrypt makes them do many push-ups *and* requires them to use a lot of heavy, bulky equipment (memory) for each guess. This makes it much harder for an attacker to build a specialized gym (custom hardware) to speed up their guessing.
Definition
A password-based key derivation function (KDF) designed by Colin Percival. Scrypt is intentionally computationally and memory intensive to make large-scale custom hardware attacks (like those using GPUs or ASICs) more costly than for alternative functions like PBKDF2.
Key Points Intro
Scrypt is a memory-hard KDF designed for robust password hashing.
Key Points

Designed to be more resistant to custom hardware attacks than PBKDF2.

Requires a large amount of memory, making parallel computation on many cores (as in GPUs) less efficient.

Parameters include CPU cost (N), memory cost (r), and parallelization cost (p).

Used for password hashing in some cryptocurrencies (like Litecoin originally) and various software applications.

Example
Some online services that prioritize password security might use Scrypt to hash user passwords, making it significantly more expensive for attackers to crack them even if a database of hashes is stolen.
Technical Deep Dive
Scrypt's memory hardness comes from its use of a large vector of pseudorandom bitstrings that are generated early in the algorithm and then accessed in a pseudorandom order later. To compute the derived key, a significant portion of this vector must be kept in RAM. This design forces attackers who want to perform many computations in parallel to also have a correspondingly large amount of memory for each parallel thread, increasing the cost of custom hardware. The main algorithm involves an outer loop that generates blocks for the derived key, and an inner routine called Salsa20/8 core (or a similar function) combined with a memory-intensive mixing function called ROMix.
Security Warning
Proper parameter selection for Scrypt (N, r, p) is crucial and depends on the specific application's security requirements and performance constraints. Incorrect or weak parameters can undermine its security benefits. While Scrypt is more resistant to GPU/ASIC attacks than PBKDF2, sufficiently motivated attackers can still build custom hardware, so using strong, unique passwords remains essential.
Related Terms
Key Derivation Function
KDF
PBKDF2

Scrypt - Related Articles

No related articles for this term.