What is Scrypt?
A memory-hard key derivation function designed to make brute-force attacks expensive by requiring large amounts of RAM.
Scrypt was created by Colin Percival as a defense against hardware-accelerated password cracking.
How It Works
- Generates a large block of pseudorandom data in memory
- Repeatedly reads from random locations in this block
- The large memory requirement makes parallel attacks (GPUs, ASICs) expensive
Compared to Argon2
- Scrypt was the first widely-adopted memory-hard function
- Argon2 (2015) improved on scrypt's design and won the Password Hashing Competition
- Scrypt is still secure and widely deployed
- New projects should prefer Argon2id
Where It's Used
- Cryptocurrency mining (Litecoin, Dogecoin)
- Password hashing in various applications
- Key derivation for disk encryption
- Tarsnap backup service
Related Terms
Argon2
The winner of the Password Hashing Competition, designed to be resistant to GPU and ASIC-based cracking by requiring large amounts of memory.
Brute Force Attack
A trial-and-error method of cracking passwords or encryption by systematically trying every possible combination until the correct one is found. While simple in concept, brute force becomes impractical against sufficiently long, random secrets.
Key Derivation Function
A cryptographic function that derives one or more secret keys from a master secret, password, or other source of entropy. KDFs add security through computational cost and produce keys of the required length and format.
Salt
Random data added to a password before hashing to ensure identical passwords produce different hashes. Salting defeats rainbow table attacks and prevents attackers from identifying users with the same password.
Have more questions?
Use our guided flow to get the right next privacy step for Scrypt.
Open Guided Flow