summaryrefslogtreecommitdiff
path: root/system/scrypt/README
blob: 1e17314d7e37323502e37fa9f18ab91e61e742ec (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
The scrypt key derivation function was originally developed for use in
the Tarsnap online backup system and is designed to be far more secure
against hardware brute-force attacks than alternative functions such as
PBKDF2 or bcrypt.

A simple password-based encryption utility is available as a
demonstration of the scrypt key derivation function. On modern hardware
and with default parameters, the cost of cracking the password on a file
encrypted by scrypt enc is approximately 100 billion times more than the
cost of cracking the same password on a file encrypted by openssl enc;
this means that a five-character password using scrypt is stronger than
a ten-character password using openssl.

In addition to the scrypt command-line utility, a development library
libscrypt-kdf can be built and installed by setting the LIB environment
variable: LIB=yes ./scrypt.SlackBuild

Before version 1.3.0 scrypt was able to read both passphrase and input
file from standard input. This stopped to work in 1.3.0. In future
versions it is planned to add an option to read passphrase using a
variety of methods. This SlackBuild can patch scrypt 1.3.0 to add the
option "--passphrase-env", which allows to read the passphrase from an
environment variable. To this end, set the PASS environment variable:
PASS=yes ./scrypt.SlackBuild

The patch is taken fron the branch
https://github.com/Tarsnap/scrypt/tree/passphrase-environ

Warning: using this patch is not officially supported by upstream.