{"id":16835359,"url":"https://github.com/defuse/yescrypt","last_synced_at":"2025-03-22T04:30:49.815Z","repository":{"id":31493287,"uuid":"35057482","full_name":"defuse/yescrypt","owner":"defuse","description":"Non-C Implementations of the yescrypt KDF.","archived":false,"fork":false,"pushed_at":"2019-01-16T23:26:13.000Z","size":679,"stargazers_count":29,"open_issues_count":15,"forks_count":8,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-18T08:11:18.804Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/defuse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-05-04T20:24:05.000Z","updated_at":"2024-12-23T18:49:59.000Z","dependencies_parsed_at":"2022-09-09T14:40:27.339Z","dependency_job_id":null,"html_url":"https://github.com/defuse/yescrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Fyescrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Fyescrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Fyescrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defuse%2Fyescrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/defuse","download_url":"https://codeload.github.com/defuse/yescrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244907420,"owners_count":20529850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T12:09:52.172Z","updated_at":"2025-03-22T04:30:49.278Z","avatar_url":"https://github.com/defuse.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"yescrypt\n==========\n\n[![Build Status](https://travis-ci.org/defuse/yescrypt.svg?branch=master)](https://travis-ci.org/defuse/yescrypt)\n\nThis repository holds my implementations of the yescrypt algorithm done for\nGoogle Summer of Code 2015. *WARNING:* This code has not yet been brought up to\ndate with the latest version of yescrypt, yescrypt 1.0. This is being tracked in\n[GitHub Issue #32](https://github.com/defuse/yescrypt/issues/32).\n\nDocumentation\n---------------\n\nHere are some useful yescrypt and scrypt links:\n\n- [All Password Hashing Competition candidates](https://password-hashing.net/candidates.html)\n- [The yescrypt specification](https://password-hashing.net/submissions/specs/yescrypt-v1.pdf)\n- [The yescrypt C implementations](https://password-hashing.net/submissions/yescrypt-v1.tar.gz)\n- [Colin Percival's scrypt paper](https://www.tarsnap.com/scrypt/scrypt.pdf)\n- [The scrypt Internet-Draft](https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-02)\n\nOptimization\n---------------\n\nCurrently, none of the implementations are optimized.\n\nUsing a non-optimized implementation in production is a security weakness. This\nis because you are forced to use weaker parameters than you could have with an\noptimized implementation, and therefore the attacker has more of an advantage.\n\nUse an optimized native implementation if possible.\n\nAudit Status\n---------------\n\nNone of the code in this repository has been professionally reviewed. The code\nhere should be considered experimental and not used in production until this\nnotice is removed.\n\nReporting Security Bugs\n-------------------------\n\nPlease disclose bugs publicly by opening an issue on GitHub. If you need to\ndisclose privately for some reason, or don't have a GitHub account, you can find\nmy contact information [here](https://defuse.ca/contact.htm).\n\nThe `ecmascript_simd` polyfill\n--------------------------------\n\nThe polyfill for SIMD operations, in `javascript/ecmascript_simd.js`, was taken\nfrom [tc38/ecmascript_simd](https://github.com/tc39/ecmascript_simd/) and\nmodified to support `shiftRightLogicalByScalar` on `Int32x4`.\n\nCommon API\n----------\n\nEach of the yescrypt implementations provides the following command-line API:\n\n```\nyescrypt-cli \u003cfunction\u003e \u003cargs...\u003e\n```\n\nHere, `\u003cfunction\u003e` can be one of the following:\n\n- `yescrypt`: Compute the `yescrypt` function using arguments `password` (hex\n  encoded), `salt` (hex encoded), `N`, `r`, `p`, `t`, `g`, `flags`, and `dkLen`\n  in that order.\n\n- `pwxform`: Compute the `pwxform` function on the arguments `pwxblock` (hex\n  encoded) and `sbox` (hex encoded) in that order.\n\n- `salsa20_8`: Compute the salsa20 function reduced to 8 rounds on the\n  hex-encoded cell provided as the next argument.\n\n- `benchmark`: Run a performance benchmark (see below for arguments.).\n\nWhen `\u003cfunction\u003e` is `benchmark`, the next argument is the iteration count, and\nthen further arguments can be:\n\n- `yescrypt`: Benchmark the yescrypt function, with the following arguments\n  being `N`, `r`, `p`, `t`, `g`, `flags`, and `dkLen` in that order, printing\n  the performance of computing yescypt with those parameters on random\n  passphrases and salts in c/s.\n\n- `pwxform`: Benchmark the `pwxform` function on a random block and sbox,\n  printing the result in c/s.\n\n- `salsa20_8`: Benchmark the `salsa20_8` function on a random cell, printing the\n  result in c/s.\n\nEach implementation is expected to report its average performance for that many\niterations of the requested function. Implementations should strive to return as\naccurate results as possible. If no meaningful accuracy is possible given the\nprovided iteration count, the benchmark command may fail with an error message.\n\nThe rationale for making each implementation have their own timing code is that\nfirstly, the overhead of process creation, etc. is not included in the running\ntime, and secondly, that each language \"knows best\" how to benchmark itself.\n\nThe rationale for not letting implementations decide the iteration count for\nthemselves is that the benchmark user is the one who decides how long they want\nto run the benchmarks for and what kind of accuracy they expect.\n\nFunding\n=======\n\nTaylor's work on this project was funded by [Google Summer of\nCode](https://developers.google.com/open-source/gsoc/) and by 20% \"fun friday\"\ntime at [Zcash](https://z.cash).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefuse%2Fyescrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdefuse%2Fyescrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefuse%2Fyescrypt/lists"}