Functions for working with the scrypt key derivation functions
originally described by Colin Percival
< https://www.tarsnap.com/scrypt/scrypt.pdf> and in Percival and Josefsson
rscrypt is an R package for a collection of scrypt cryptographic functions. Scrypt is a password-based key derivation function created by Colin Percival. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory.
This package makes use of native code, you will need to have a R package development environment installed on your system:
Windows: RTools for building packages Mac OSX: XCode Command Line Tools for building packages
To install directly from GitHub, run this:
if (!require("devtools")) install.packages("devtools") devtools::install_github("rstudio/rscrypt")
Hash a password:
hashed <- scrypt::hashPassword("good password")
Verify a hashed password:
scrypt::verifyPassword(hashed, "bad bassword")  FALSE scrypt::verifyPassword(hashed, "good password")  TRUE
Key derivation function
password <- charToRaw("my password") salt <- sample(1:10, 32, replace=TRUE) scrypt::scrypt(password, salt, 65536, 8, 1)
verifyPassword functions are designed be compatible with the
node.js scrypt package. The output from
hashPassword is a base64 encoded string
containing multiple pieces of information that are required to verify the hash later on.
Included in this output are the n, r and p parameters for the scrypt function, as well as
a checksum and HMAC for verifying the integrity of the hash. Below is the format the hash.
offset length 0 6 "scrypt" 6 1 scrypt data file version number (0) 7 1 log2(n) (big-endian must be between 1 and 63 inclusive) 8 4 r (big-endian integer; must satisfy r * p < 2^30) 12 4 p (big-endian integer; must satisfy r * p < 2^30) 16 32 salt 48 16 first 16 bytes of SHA256(bytes 0 .. 47) 64 32 HMAC-SHA256(bytes 0 .. 63)