User password is fed through crypto_scrypt (https://github.com/firebase/scrypt/blob/master/lib/crypto/crypto_scrypt.c) with the following parameters to generate a 512-bit key:
| parameter | value |
|---|---|
| password | bytes from user password |
| passwordlen | length of user password in bytes |
| salt | 80 bit salt from a pseudo-random number generator as specified in section 10.1.2 of the NIST SP 800-90 standard + 8-bit separator |
| saltlen | 11 |
| N | 16384 |
| r | 8 |
| p | 1 |
| buf | ptr to buffer for resulting key |
| buflen | 64 |
The first 256 bits of the resulting key are then used as key for AES-256 in CTR mode to encrypt the 512-bit "signing key" value. The resulting ciphertext from this AES-256 is what is used as the password hash. The plaintext signing key is a 512-bit value from a pseudo-random number generator as specified in section 10.1.2 of the NIST SP 800-90 standard. The signing key is the same across all accounts within a given auth instance and is held in the same database as the hash and the salt values.