Scrypt is a hashing algorithm first published in 2009 to address the security of passwords stored in a database. Generating such a hash is computationally intensive, meaning it takes a "long" time to compute. This is still fast enough for the sign-in process, but it makes brute-forcing an existing password's hash extremely costly.
SCrypt Modified is a fork of this algorithm. From its documentation, the intentions of the fork are unclear.
While official SCrypt takes `password` and `salt` to generate the hash, modified has a few additional steps:
- Generate `derivedKey` by creating a Scrypt hash where `password` is utf8-encoded, and `salt` is base64-decoded salt + base64-decoded salt separator
- Generate `hash` by encrypting base64-decoded `signerKey` with aes-256-ctr where `key` is the first 32 characters of `derivedKey`, while using an empty initialization vector of length 16
- Final `hash` must be base64-encoded
You can find the Appwrite implementation of this algorithm in Scryptmodified.php.
You can also find more information about this Scrypt modified fork here.