User password is fed through crypto_scrypt (https://github.com/firebase/scrypt/blob/master/lib/crypto/crypto_scrypt.c) with the following parameters to generate a 512-bit key:
parameter | value |
---|---|
password | bytes from user password |
passwordlen | length of user password in bytes |
salt | 80 bit salt from a pseudo-random number generator as specified in section 10.1.2 of the NIST SP 800-90 standard + 8-bit separator |
saltlen | 11 |
N | 16384 |
r | 8 |
p | 1 |
buf | ptr to buffer for resulting key |
buflen | 64 |
The first 256 bits of the resulting key are then used as key for AES-256 in CTR mode to encrypt the 512-bit "signing key" value. The resulting ciphertext from this AES-256 is what is used as the password hash. The plaintext signing key is a 512-bit value from a pseudo-random number generator as specified in section 10.1.2 of the NIST SP 800-90 standard. The signing key is the same across all accounts within a given auth instance and is held in the same database as the hash and the salt values.