{"id":7707,"library":"scrypt","title":"Python Scrypt Bindings","description":"The `scrypt` library provides Python bindings for the scrypt key derivation function, which is designed to make brute-force attacks on password hashes more difficult by requiring more memory and CPU. It's commonly used for securely hashing passwords. The current version is 0.9.4, with minor releases occurring periodically to address bug fixes and build improvements.","status":"active","version":"0.9.4","language":"en","source_language":"en","source_url":"https://github.com/holgern/py-scrypt","tags":["security","cryptography","key-derivation","password-hashing"],"install":[{"cmd":"pip install scrypt","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"scrypt","correct":"import scrypt"},{"note":"The hashing function is directly named 'hash' within the scrypt module.","wrong":"from scrypt import scrypt_hash","symbol":"hash","correct":"from scrypt import hash"},{"symbol":"verify","correct":"from scrypt import verify"}],"quickstart":{"code":"import scrypt\nimport os\n\n# --- Parameters for scrypt (N, r, p) ---\n# N: CPU/Memory cost parameter (must be a power of 2, e.g., 2**14 = 16384)\n#    Higher N means more work, increasing security against brute-force attacks.\n# r: Block size parameter\n# p: Parallelization parameter\n# Choosing these values appropriately is critical for security and performance.\n# For production, recommended values are often N=2**14 to 2**20, r=8, p=1.\n# Values too high can cause excessive memory/CPU usage, potentially leading to DoS.\nN = 16384  # 2**14\nr = 8\np = 1\n\npassword = b\"my_super_secret_password\"\n# Generate a cryptographically secure random salt (at least 16 bytes)\nsalt = os.urandom(16)\n\ntry:\n    # 1. Hash the password\n    # The hash function returns bytes\n    hashed_password_bytes = scrypt.hash(password, salt, N, r, p)\n    print(f\"Scrypt hash (hex): {hashed_password_bytes.hex()}\")\n\n    # 2. Verify the password\n    # For verification, the original password, salt, and parameters (N, r, p)\n    # used during hashing must be provided.\n    is_valid = scrypt.verify(password, hashed_password_bytes, salt, N, r, p)\n    print(f\"Password verification successful: {is_valid}\")\n\n    # Example of a wrong password\n    wrong_password = b\"wrong_password\"\n    try:\n        scrypt.verify(wrong_password, hashed_password_bytes, salt, N, r, p)\n        print(\"Verification with wrong password succeeded (ERROR!)\")\n    except scrypt.error:\n        print(\"Verification with wrong password failed (EXPECTED)\")\n\nexcept scrypt.error as e:\n    print(f\"An scrypt error occurred: {e}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")\n\n# In a real application, you would store the salt and N, r, p parameters\n# alongside the hash (e.g., as part of a standard scrypt format string like $s0$...)\n# The 'scrypt' library does not provide this format string generation directly;\n# you need to implement that logic yourself or use a higher-level library.","lang":"python","description":"This quickstart demonstrates how to hash a password using `scrypt.hash()` and verify it with `scrypt.verify()`. It highlights the importance of `N`, `r`, and `p` parameters and the use of cryptographically secure random salts. Inputs (password and salt) must be `bytes`."},"warnings":[{"fix":"Ensure you have the appropriate build tools installed for your operating system before running `pip install scrypt`.","message":"Installing `scrypt` requires a C compiler and development headers for your system. On Windows, this means Visual C++ Build Tools; on Linux, `build-essential` (Debian/Ubuntu) or `Development Tools` (Fedora/RHEL); on macOS, Xcode Command Line Tools.","severity":"breaking","affected_versions":"All versions"},{"fix":"Encode your strings to bytes, e.g., `password.encode('utf-8')` or prefix with `b''` for byte literals.","message":"The `scrypt.hash` and `scrypt.verify` functions expect `bytes` objects for password and salt inputs, not `str`.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Consult security best practices for scrypt parameter selection. N should be a power of 2. For production, typical values might be N=2**14 to 2**20, r=8, p=1, but these should be adjusted based on available resources and security requirements. Test thoroughly.","message":"Choosing the right `N`, `r`, and `p` parameters is crucial. Incorrectly chosen high values can lead to excessive memory/CPU consumption, making your application vulnerable to denial-of-service attacks, while low values compromise security.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Implement a custom serialization scheme to store the salt, N, r, p, and the derived hash together, or wrap `scrypt` with a library that provides this functionality (e.g., `passlib`).","message":"The `scrypt` library does not automatically format hashes into a standard string format (e.g., `$s0$...`) that includes the salt and parameters. Users must manually store or encode these alongside the hash for later verification.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Run `pip install scrypt` to install the library.","cause":"The `scrypt` package is not installed in your Python environment.","error":"ModuleNotFoundError: No module named 'scrypt'"},{"fix":"Ensure that both your password and salt are `bytes` objects. Convert strings using `.encode('utf-8')` or by prefixing string literals with `b` (e.g., `b\"password\"`).","cause":"The `scrypt.hash()` or `scrypt.verify()` function received a string (`str`) where it expected bytes (`bytes`) for password or salt.","error":"TypeError: Expected bytes, got str"},{"fix":"Install the necessary build tools: \n- **Windows**: Install 'Build Tools for Visual Studio 20XX' from Microsoft (e.g., Visual C++ build tools 14.0 or greater).\n- **Debian/Ubuntu**: `sudo apt-get install build-essential python3-dev`\n- **Fedora/RHEL**: `sudo yum groupinstall 'Development Tools' && sudo yum install python3-devel`\n- **macOS**: `xcode-select --install` (Xcode Command Line Tools).","cause":"The `scrypt` library is a C extension and requires a C compiler and development headers to be present on your system for installation.","error":"error: command 'gcc' failed with exit status 1 (or similar C compiler error during installation)"},{"fix":"Review your `N`, `r`, and `p` values. `N` must be a power of 2 (e.g., 2048, 4096, 16384). `r` and `p` typically default to 8 and 1 respectively, and must be positive integers. Ensure they match the values used during hashing if verifying.","cause":"The provided `N`, `r`, or `p` parameters are outside the valid range, or `N` is not a power of 2, or the combination leads to an impossible memory/CPU allocation.","error":"scrypt.error: Invalid scrypt parameters (N, r, p)"}]}