Key Derivation Functions for R Based on Scrypt.
rscrypt
rscrypt is an R package for a collection of scrypt cryptographic functions. Scrypt is a password-based key derivation function created by Colin Percival. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory.
Requirements
This package makes use of native code, so you will need an R package development environment installed on your system:
Windows: RTools for building packages
Mac OSX: XCode Command Line Tools for building packages
Installation
To install directly from GitHub, run this:
if (!require("devtools"))
    install.packages("devtools")
devtools::install_github("rstudio/rscrypt")
Usage
Hash a password:
hashed <- scrypt::hashPassword("good password")
Verify a hashed password:
scrypt::verifyPassword(hashed, "bad bassword")
[1] FALSE
scrypt::verifyPassword(hashed, "good password")
[1] TRUE
Key derivation function
password <- charToRaw("my password")
# Illustrative salt only: sample() draws from R's non-cryptographic PRNG
salt <- sample(1:10, 32, replace=TRUE)
scrypt::scrypt(password, salt, 65536, 8, 1)
Password Hashing
The hashPassword and verifyPassword functions are designed to be compatible with the node.js scrypt package. The output from hashPassword is a base64 encoded string containing multiple pieces of information that are required to verify the hash later on. Included in this output are the n, r and p parameters for the scrypt function, as well as a checksum and HMAC for verifying the integrity of the hash. Below is the format of the hash.
Hash Format
offset  length  content
0       6       "scrypt"
6       1       scrypt data file version number (0)
7       1       log2(n) (big-endian; must be between 1 and 63 inclusive)
8       4       r (big-endian integer; must satisfy r * p < 2^30)
12      4       p (big-endian integer; must satisfy r * p < 2^30)
16      32      salt
48      16      first 16 bytes of SHA256(bytes 0 .. 47)
64      32      HMAC-SHA256(bytes 0 .. 63)
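
The layout in the table above can be checked independently of the package. The following is an added example, not rscrypt's own code, written in Python with only the standard library: it parses the 96-byte structure, rejects out-of-range or over-budget parameters before any scrypt work is done, and verifies a password. It assumes the HMAC key is the last 32 bytes of a 64-byte scrypt output, as in the reference scrypt file format; MAX_MEM and all function names are hypothetical.

```python
import base64, hashlib, hmac, struct

MAX_MEM = 2**28  # assumed local policy: refuse hashes needing more than 256 MiB

def _derive(password: bytes, f: dict) -> bytes:
    # 64-byte scrypt output; the last 32 bytes key the HMAC (assumption, see lead-in)
    return hashlib.scrypt(password, salt=f["salt"], n=1 << f["logn"], r=f["r"],
                          p=f["p"], dklen=64, maxmem=MAX_MEM)

def parse_hash(encoded: str) -> dict:
    """Decode the 96-byte structure and validate it before any scrypt work."""
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) != 96 or raw[:6] != b"scrypt" or raw[6] != 0:
        raise ValueError("not a version-0 scrypt hash")
    logn = raw[7]
    r, p = struct.unpack(">II", raw[8:16])
    if not 1 <= logn <= 63 or r == 0 or p == 0 or r * p >= 2**30:
        raise ValueError("parameter outside the range the format allows")
    # The parameters come from the stored string, so cap the cost they can demand
    if 128 * r * ((1 << logn) + p + 3) > MAX_MEM:
        raise ValueError("parameters exceed local memory policy")
    if not hmac.compare_digest(hashlib.sha256(raw[:48]).digest()[:16], raw[48:64]):
        raise ValueError("header checksum mismatch")
    return {"logn": logn, "r": r, "p": p, "salt": raw[16:48],
            "signed": raw[:64], "hmac": raw[64:]}

def verify_password(encoded: str, password: bytes) -> bool:
    f = parse_hash(encoded)
    tag = hmac.new(_derive(password, f)[32:], f["signed"], hashlib.sha256).digest()
    return hmac.compare_digest(tag, f["hmac"])

def build_hash(password: bytes, salt: bytes, logn: int, r: int, p: int) -> str:
    """Construct a sample hash in the same layout, used here as test input."""
    head = b"scrypt" + bytes([0, logn]) + struct.pack(">II", r, p) + salt
    head += hashlib.sha256(head).digest()[:16]
    f = {"salt": salt, "logn": logn, "r": r, "p": p}
    tag = hmac.new(_derive(password, f)[32:], head, hashlib.sha256).digest()
    return base64.b64encode(head + tag).decode("ascii")

if __name__ == "__main__":
    # Constructed sample: fixed 32-byte salt, small n so it runs quickly
    sample = build_hash(b"good password", bytes(range(32)), 10, 8, 1)
    print(parse_hash(sample)["logn"], verify_password(sample, b"good password"),
          verify_password(sample, b"bad bassword"))
```

The checksum at offset 48 lets a verifier reject a corrupted header cheaply; only the HMAC at offset 64 depends on the password.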