scrypt: The Memory-Hard GPU Cruncher

--

Password-based key derivation functions (KDFs) derive a cryptographic key from a low-entropy secret such as a password. Functions such as crypt, PBKDF2 and bcrypt do this by running many iterations of a hash or cipher, so that every guess costs the attacker a fixed amount of work. Unfortunately, as processors get faster, the barrier set by a fixed iteration count shrinks, and this is especially true on GPUs, which test thousands of candidate passwords in parallel. PBKDF2 needs almost no memory per guess, so it does nothing to hinder a GPU, whose limiting resource is per-core memory rather than raw arithmetic.
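The following is an added example, not code from the original post, showing the difference in cost knobs: PBKDF2 is tuned only by an iteration count and its memory footprint is constant, whereas scrypt's ROMix step holds a table of 128 * r * N bytes in RAM (the formula from Percival's paper), which is what makes it expensive to run many copies of on a GPU. The function names (`scrypt_memory_bytes`, `pbkdf2_derive`, `scrypt_derive`, `time_kdf`) and the sample password are assumptions made for this example; it uses only the standard library's `hashlib`.

```python
"""Added example (not from the original post): PBKDF2 versus scrypt cost knobs.

PBKDF2's only cost parameter is the iteration count; scrypt adds N (CPU/memory
cost), r (block size) and p (parallelism), and its ROMix step needs a table of
128 * r * N bytes in RAM for every password guess being tested.
"""
import hashlib
import os
import time


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Memory held by scrypt's ROMix table (the V array): 128 * r * N bytes.

    The p parallel lanes can be processed one after another reusing the same
    table, so p does not change the minimum footprint; an attacker running
    lanes (or guesses) in parallel pays this amount per lane.
    """
    return 128 * r * n


def pbkdf2_derive(password: bytes, salt: bytes, iterations: int,
                  dklen: int = 32, hash_name: str = "sha256") -> bytes:
    """PBKDF2: cost grows linearly with `iterations`, memory stays constant."""
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)


def scrypt_derive(password: bytes, salt: bytes, n: int = 2 ** 14, r: int = 8,
                  p: int = 1, dklen: int = 32) -> bytes:
    """scrypt via OpenSSL. maxmem must cover the ROMix table (OpenSSL's
    default limit is 32 MiB, so larger N or r fail without it)."""
    maxmem = 2 * scrypt_memory_bytes(n, r) + 2 ** 20  # table plus working buffers
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=dklen)


def time_kdf(fn, *args, repeat: int = 3) -> float:
    """Best-of-`repeat` wall-clock time of one derivation, in seconds."""
    best = float("inf")
    for _ in range(repeat):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    # Constructed sample input; a real application stores a fresh random salt per user.
    password = b"correct horse battery staple"
    salt = os.urandom(16)

    pbkdf2_iters = 100_000
    n, r, p = 2 ** 14, 8, 1

    t_pbkdf2 = time_kdf(pbkdf2_derive, password, salt, pbkdf2_iters)
    t_scrypt = time_kdf(scrypt_derive, password, salt, n, r, p)

    print(f"PBKDF2-HMAC-SHA256, {pbkdf2_iters} iterations: "
          f"{t_pbkdf2 * 1000:.1f} ms, memory per guess: a few hundred bytes")
    print(f"scrypt N=2^{n.bit_length() - 1} r={r} p={p}: "
          f"{t_scrypt * 1000:.1f} ms, memory per guess: "
          f"{scrypt_memory_bytes(n, r) // 2 ** 20} MiB")
    # Doubling N doubles both the time and the RAM an attacker needs per guess;
    # doubling PBKDF2's iteration count doubles only the time.
    print(f"scrypt N=2^15: {time_kdf(scrypt_derive, password, salt, 2 * n, r, p) * 1000:.1f} ms, "
          f"{scrypt_memory_bytes(2 * n, r) // 2 ** 20} MiB")
```

Run it and compare the two lines: tune the iteration count and N so that both take roughly the same time on your server, then note that an attacker needs 16 MiB of fast memory for every scrypt guess in flight and essentially none for PBKDF2. The values chosen here (N=2^14, r=8, p=1 and 100,000 PBKDF2 iterations) are illustrative, not a recommendation for any particular deployment.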

scrypt is based on an original paper by Colin Percival [2].

The paper gives the following cost estimates (table from the paper, not reproduced here):

Reference [2]

From this, we see that scrypt has a significantly higher cracking cost than bcrypt and PBKDF2: for approximately the same time to derive a key with each method, the estimated cost of cracking scrypt is always much higher. For 10 characters, PBKDF2 (5.0 s) has an estimated cracking cost of $10M, while the equivalent with scrypt is $210 billion. Even with six characters, scrypt has a cracking cost of $900.

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice