{"id":14973091,"url":"https://github.com/firebase/scrypt","last_synced_at":"2025-10-01T23:30:28.994Z","repository":{"id":66068697,"uuid":"120499887","full_name":"firebase/scrypt","owner":"firebase","description":"The scrypt key derivation function was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.","archived":false,"fork":true,"pushed_at":"2023-10-06T21:02:31.000Z","size":347,"stargazers_count":101,"open_issues_count":1,"forks_count":19,"subscribers_count":49,"default_branch":"master","last_synced_at":"2024-09-28T17:01:37.941Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.tarsnap.com/scrypt.html","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"Tarsnap/scrypt","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/firebase.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-02-06T17:54:17.000Z","updated_at":"2024-09-10T04:42:16.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/firebase/scrypt","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fscrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fscrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fscrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firebase%2Fscrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/firebase","download_url":"https://codeload.github.com/firebase/scrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234909085,"owners_count":18905503,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T13:48:05.987Z","updated_at":"2025-10-01T23:30:28.684Z","avatar_url":"https://github.com/firebase.png","language":"C","readme":"# Firebase Authentication Password Hashing\nFirebase Authentication uses an internally modified version of scrypt to hash\naccount passwords. Even when an account is uploaded with a password using a\ndifferent algorithm, Firebase Auth will rehash the password the first time that\naccount successfully logs in. Accounts downloaded from Firebase Authentication\nwill only ever contain a password hash if one for this version of scrypt is\navailable, or contain an empty password hash otherwise.\n\nSee README_SCRYPT for more information about the scrypt library.\n\n## Table of Contents\n\n * [Finding the Password Hash Parameters](#finding-the-password-hash-parameters)\n * [Downloading User Accounts](#downloading-user-accounts)\n * [Building ](#building)\n * [Password Hashing](#password-hashing)\n * [Other languages](#other-languages)\n\n## Finding the Password Hash Parameters\nFirebase generates unique password hash parameters for each Firebase project. To\naccess these parameters, navigate to the 'Users' tab of the 'Authentication'\nsection in the Firebase Console and select 'Password Hash Parameters' from the\ndrop down in the upper-right hand corner of the users table.\n\n## Downloading User Accounts\nThe `auth:export` command is usd to export user accounts to JSON and CSV files.\nPlease visit https://firebase.google.com/docs/cli/auth to learn more about\nexporting your project's users accounts. For password hashing, you will need the\nPassword Hash and Password Salt fields for the exported accounts.\n\n### Building\nTo build scrypt, see the BUILDING file.\n\n## Password Hashing\nA simple password-based encryption utility is available as a demonstration of\nthe `scrypt` library. It can be invoked as `scrypt {key} {salt} {rounds}\n{memcost} [-P]`. The utility will ask for a plain text password and output a\nhash upon success. This hash should be encoded to base64 and compared to the\npassword hash of the exported user account.\n\n* {key} - The signer key from the project's password hash parameters. This key\n  must be decoded from base64 before being passed to the utility.\n* {salt} - Concatenation of the password salt from the exported account and the\n  salt separator from the project's password hash parameters. Each half must be\n  decoded from base64 before concatenation.\n* {rounds} - The rounds parameter from the project's password hash parameters.\n* {memcost} - The mem_cost parameter from the project's password hash\n  parameters.\n* [-P] - An optional `-P` may also be supplied to allow for the raw text\n  password to be read from STDIN.\n\nSample Password hash parameters from Firebase Console:\n\n```\nhash_config {\n  algorithm: SCRYPT,\n  base64_signer_key: jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA==,\n  base64_salt_separator: Bw==,\n  rounds: 8,\n  mem_cost: 14,\n}\n```\n\nExporting a project's accounts:\n\n```\n# Export a project's accounts to a local csv file\n$ firebase auth:export --project my-awesome-project-42be4 users.csv\n# Inspect the exported accounts\n$ cat users.csv\nkYi4EvWQlQTKSfnJ3dRSP6IH3ed2,user1@test.com,false,lSrfV15cpx95/sZS2W9c9Kp6i/LVgQNDNC/qzrCnh1SAyZvqmZqAjTdn3aoItz+VHjoZilo78198JAdRuid5lQ==,42xEC+ixf3L2lw==,Test\nUser 1,,,,,,,,,,,,,,,,,,,1508893925000,1508893925000,,\n```\n\nUsing the utility:\n\n```\n# Params from the project's password hash parameters\nbase64_signer_key=\"jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA==\"\nbase64_salt_separator=\"Bw==\"\nrounds=8\nmemcost=14\n\n# Params from the exported account\nbase64_salt=\"42xEC+ixf3L2lw==\"\n\n# The users raw text password\npassword=\"user1password\"\n\n# Generate the hash\n# Expected output:\n# lSrfV15cpx95/sZS2W9c9Kp6i/LVgQNDNC/qzrCnh1SAyZvqmZqAjTdn3aoItz+VHjoZilo78198JAdRuid5lQ==\necho `./scrypt \"$base64_signer_key\" \"$base64_salt\" \"$base64_salt_separator\" \"$rounds\" \"$memcost\" -P \u003c\u003c\u003c \"$password\"`\n```\n\n## Other Languages\nThank you to members of the Firebase community that have ported this library to other languages!  See the examples below:\n\n* [firebase-scrypt-java](https://github.com/SmartMoveSystems/firebase-scrypt-java) by [SmartMoveSystems](https://github.com/SmartMoveSystems)\n* [firebase-scrypt-python](https://github.com/JaakkoL/firebase-scrypt-python) by [JaakkoL](https://github.com/JaakkoL)\n* [firebase-scrypt-node](https://github.com/xeewi/firebase-scrypt) by [xeewi](https://github.com/xeewi)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirebase%2Fscrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffirebase%2Fscrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirebase%2Fscrypt/lists"}