Question 1

What is scrypt?

Accepted Answer

Scrypt is a password-based key derivation function designed to be memory-hard and computationally intensive. It was created to resist brute-force attacks by requiring large amounts of memory as well as CPU time. Scrypt is widely used for secure password storage and proof-of-work in cryptocurrencies like Litecoin.

Question 2

What do the N, r, and p parameters mean?

Accepted Answer

N is the CPU/memory cost factor — it controls how much memory and time is required (must be a power of 2). r is the block size factor that affects the memory bandwidth. p is the parallelisation factor. Higher N increases both time and memory; r and p provide finer-grained tuning. Recommended defaults are N=16384, r=8, p=1 for interactive logins, or N=1048576 for long-term storage.

Question 3

How is scrypt different from bcrypt?

Accepted Answer

Both bcrypt and scrypt are designed to be slow and resist brute-force attacks. Scrypt goes further by being memory-hard: it requires a large amount of RAM in addition to CPU time, making GPU and ASIC-based attacks significantly more expensive. Scrypt is generally recommended for higher-security use cases, while bcrypt remains a solid, battle-tested choice.

Question 4

Is it safe to use this tool for real passwords?

Accepted Answer

This tool runs entirely in your browser — your password and salt are never sent to any server. However, for production applications you should use scrypt (or Argon2id) through a server-side library with a securely generated random salt stored alongside the hash. This tool is intended for learning, testing, and development purposes.

ilmaiset web-kehittäjän työkalut

Scrypt Hash Generator

Generate

Hash Output

Scrypt Hash Generator

What it does

Use cases

Choosing parameters

Salt handling

Browser-side processing