Sigh. How many different ways of encoding scrypt password hashes are there?
I found $7$… in libsodium, $scrypt$… in passlib, prefix-less $-separated in simple-scrypt and php-scrypt (one uses hex, the other base64), and surely a million ad-hoc ones.
Am I missing any libraries?
-
-
Yes, in $7$ the salt is verbatim. This is in line with md5crypt, sha*crypt, phpass where salts are supposed to use the same base 64 alphabet and encoding would be overhead, but I ended up regretting this decision when others encoded arbitrary binary salts in their scrypt formats.
-
yescrypt's "$y$" uses encoded salts so it's a universal format that other (ye)scrypt hash encodings can be converted to. The choice of "$7$" prefix appears to have been new with the spec
@jedisct1 referenced. Now "$7$" and "$y$" are also supported by libxcrypt and thus on Fedora.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.