Question 1

What is scrypt?

Accepted Answer

Scrypt is a password-based key derivation function designed by Colin Percival in 2009. It is intentionally memory-hard — making it expensive to run on GPUs and ASICs — which makes brute-force attacks much more costly than with bcrypt or PBKDF2.

Question 2

What do the N, r, p parameters mean?

Accepted Answer

N is the CPU/memory cost parameter (must be a power of 2). r is the block size. p is the parallelisation factor. Increasing N makes hashing slower and more memory-intensive. A common safe default is N=16384 (2^14), r=8, p=1.

Question 3

How is scrypt different from bcrypt?

Accepted Answer

Bcrypt is CPU-intensive but not memory-intensive, making it faster to crack on modern GPU rigs. Scrypt requires both large amounts of CPU and RAM, making parallel GPU attacks proportionally more expensive. Argon2 is the modern successor to both.

Scrypt Hash Generator

Generate and verify scrypt password hashes — configure N, r, p in your browser

About Scrypt

What is scrypt?

What do N, r, p mean?

Scrypt vs bcrypt vs Argon2