Home Original page

"Invalid scrypt params" error message is unnecessarily generic when exceeding `maxmem`

Version

v20.13.1

Platform

Linux lindell 6.9.3-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 31 May 2024 15:14:45 +0000 x86_64 GNU/Linux

Subsystem

node:crypto

What steps will reproduce the bug?

Reading the official scrypt docs, I see that the cost parameter should be a power of 2.

Following the OWASP docs, I wanted to use 2 power 17 to feed the cost parameter.

const { scryptSync, randomBytes } = require('node:crypto')

const secret = 'shhh'
const salt = randomBytes(16)

// throws RangeError: Invalid scrypt params, same with scrypt()
scryptSync(secret, salt, 64, {
  blockSize: 8,
  cost: 131072, // 2^17
  parallelization: 1,
})

How often does it reproduce? Is there a required condition?

Always reproduce.

What is the expected behavior? Why is that the expected behavior?

Hash is correctly derived.

What do you see instead?

A RangeError with the "Invalid scrypt params" message.

Additional information

No response