Scrypt is a hashing algorithm first published in 2009 to address the security of passwords stored in a database. Generating such a hash is computationally intensive, meaning it takes a "long" time to generate a hash. This is fast enough for the sign-in process but makes it extremely costly to attempt brute-force to crack an existing password's hash.
SCrypt Modified is a fork of this algorithm. From its documentation, the intentions of the fork are unclear.
While official SCrypt takes password and salt to generate the hash, modified has a few additional steps:
- Generate
derivedKeyby creating a Scrypt hash wherepasswordis utf8-encoded, andsaltis base64-decoded salt + base64-decoded salt separator - Generate
hashby encrypting base64-decodedsignerKeywith aes-256-ctr wherekeyis the first 32 characters ofderivedKey, while using an empty initialization vector of length 16 - Final
hashmust be base64-encoded
You can find the Appwrite implementation of this algorithm in Scryptmodified.php.
You can also find more information about this Scrypt modified fork here.