7

I've been recently taking a hard look at the scrypt system for storing users' passwords. However, I'm rather worried about it's security because of things like Litecoin miners.

Is scrypt secure enough to store passwords, even with the availability of Scrypt ASIC miners? Can people use scrypt ASIC miners to crack passwords in a reasonable time?

Kaz Wolfe
  • 382
  • 3
  • 11

1 Answers1

12

Theoretically speaking, Scrypt gives higher safety per unit compute time than already similar known ones. It is also possible, with Scrypt, to set the memory space needed to compute the result thus making a brute-force attacker pay penalties (in terms of memory and processor ... and GPU).

From a theoretical and algorithmic perspective Scrypt is superior in its domain and it makes it VERY expensive for custom hardware attacks to be conducted because it is a memory-hard algorithm.

However, even if Scrypt presented itself as an issue to Bitcoins GPU mining, GPU miners are flooding the Scrypt network ( I mention GPU miners because they are the most frequently used in Scrypt miners for this reason). But, by design, still an attacker needs to use lot of memory (but not necessarily more electricity) to speed his attempt (brute force) otherwise, less memory leads to slower attack: which thing Scrypt highly secure.

I think this table below gives you a more straightforward for the information you are looking for and you can judge by yourself:

enter image description here

(Source of the table)

We can make a parallel with bcrypt that was created 10 years earlier -before scrypt- ASIC miners was considered as a minor threat but nowadays an attacker could be equipped by big field-programmable gate array.

Because we do not know what tomorrow is hiding for us, and as the machines' processing power evolves, we can not really say anything about the future especially that ASIC resistant algorithms -such as Scrypt-adaptive-Nfactor algorithm- already have been developed for those who can not mine using expensive specialized computers. except that you can still rely on scrypt by the moment.