Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

scrypt-js

Package Overview
Dependencies
Maintainers
1
Versions
9
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

scrypt-js - npm Package Compare versions

Comparing version 0.0.1 to 1.0.0

obsolete/immediate.js
obsolete/immediate.min.js
scrypt.js
thirdparty/buffer.js
thirdparty/setImmediate.js
thirdparty/unorm.js

8

package.json
{
"name": "scrypt-js",
"version": "0.0.1",
"version": "1.0.0",
"description": "The scrypt password-based key derivation function with asynchronous operation and ablility to be cancelled.",
"main": "index.js",
"main": "scrypt.js",
"scripts": {

@@ -15,5 +15,3 @@ "test": "echo \"Error: no test specified\" && exit 1"

"asynchronous",
"stepwise",
"pure",
"javascript"
"stepwise"
],

@@ -20,0 +18,0 @@ "author": "Richard Moore <me@ricmoo.com>",

78

README.md
scrypt
======
The scrypt password-base key derivation function (pkbdf) is an algorithm for converting a human readable password into a fixed length of bytes, which can then be used as a key for symetric block ciphers, private keys. et cetera.
The [scrypt](https://en.wikipedia.org/wiki/Scrypt) password-base key derivation function (pkbdf) is an algorithm designed to be brute-force resistant that converts human readable passwords into fixed length arrays of bytes, which can then be used as a key for symetric block ciphers, private keys, et cetera.
The scrypt algorithm is, by design, expensive to execute, which increases the amount of time an attacker requires in order to brute force guess a password, adjustable by several parameters which can be tuned:
- **N** - The general work factor; increasing this increases the difficulty of the overall derivation
- **p** - The memory cost; increasing this increases the memory required during derivation
- **r** - The parallelization factor; increasing the computation required during derivation
### Features:

@@ -16,11 +11,21 @@ - **Non-blocking** - Gives other events in the event loop opportunities to run (asynchrorous)

Todo
----
These are all coming soon (as of 2016-03-11):
These are all coming soon (as of 2016-03-12):
- Remove browser dependency on slow buffer
- Add test cases (from scrypt-async)
- Improve the demo page
Tuning
------
The scrypt algorithm is, by design, expensive to execute, which increases the amount of time an attacker requires in order to brute force guess a password, adjustable by several parameters which can be tuned:
- **N** - The general work factor; increasing this increases the difficulty of the overall derivation
- **p** - The memory cost; increasing this increases the memory required during derivation
- **r** - The parallelization factor; increasing the computation required during derivation
Installing

@@ -31,3 +36,3 @@ ----------

You should likely not use this module for *node.js* as there are many faster [alternatives](https://www.npmjs.com/package/scrypt), but if you so wish to:
You should likely not use this module for *node.js* as there are many faster [alternatives](https://www.npmjs.com/package/scrypt), but if you so wish to do so:

@@ -42,4 +47,6 @@ ```

```html
// coming soon
<script src="" type="text/javascript"></script>
<!-- This dependency will be removed soon -->
<script src="https://wzrd.in/standalone/buffer" type="text/javascript"></script>
<script src="https://raw.githubusercontent.com/ricmoo/scrypt-js/master/index.js" type="text/javascript"></script>
```

@@ -50,5 +57,38 @@

```html
<html>
<body>
<!-- These two libraries are highly recommended for encoding password/salt -->
<script src="libs/buffer.js" type="text/javascript"></script>
<script src="libs/unorm.js" type="text/javascript"></script>
<!-- This shim library greatly improves performance of the scrypt algorithm -->
<script src="libs/setImmediate.js" type="text/javascript"></script>
<script src="index.js" type="text/javascript"></script>
<script type="text/javascript">
// See the section below: "Encoding Notes"
var password = new buffer.SlowBuffer("anyPassword".normalize('NFKC'));
var salt = new buffer.SlowBuffer("someSalt".normalize('NFKC'));
var N = 1024, r = 8, p = 1;
var dkLen = 32;
scrypt(password, salt, N, r, p, dkLen, function(error, progress, key) {
if (error) {
console.log("Error: " + error);
} else if (key) {
console.log("Found: " + key);
} else {
// update UI with progress complete
updateInterface(progress);
}
});
</script>
</body>
</html>
```
Coming soon.
```

@@ -134,2 +174,3 @@ Encoding Notes

License

@@ -140,2 +181,13 @@ -------

References
----------
- [scrypt white paper](http://www.tarsnap.com/scrypt/scrypt.pdf)
- [wikipedia](https://en.wikipedia.org/wiki/Scrypt)
- [scrypt-async npm module](https://www.npmjs.com/package/scrypt-async)
- [scryptsy npm module](https://www.npmjs.com/package/scryptsy)
- [Unicode Equivalence](https://en.wikipedia.org/wiki/Unicode_equivalence)
Donations

@@ -142,0 +194,0 @@ ---------

index.js
index.html

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc