scrypt

What's the maximum length of scrypt output?


I'd like to store an scrypt-hashed password in a database. What is the maximum length I can expect?


Solution

  • According to https://github.com/wg/scrypt the output format is $s0$params$salt$key where:

    • s0 denotes version 0 of the format, with 128-bit salt and 256-bit derived key.
    • params is a 32-bit hex integer containing log2(N) (16 bits), r (8 bits), and p (8 bits).
    • salt is the base64-encoded salt.
    • key is the base64-encoded derived key.

    According to https://stackoverflow.com/a/13378842/14731 the length of a base64-encoded string is 4*ceil(n/3) where n denotes the number of bytes being encoded.

    Let's break this down:

    • The dollar signs make up 4 characters.
    • The version number makes up 2 characters.
    • Each hex character represents 4 bits ( log2(16) = 4 ), so the params field makes up (32-bit / 4 bits) = 8 characters.
    • The 128-bit salt is equivalent to 16 bytes. The base64-encoded format makes up (4 * ceil(16 / 3)) = 24 characters.
    • The 256-bit derived key is equivalent to 32 bytes. The base64-encoded format makes up (4 * ceil(32 / 3)) = 44 characters.

    Putting that all together, we get: 4 + 2 + 8 + 24 + 44 = 82 characters.
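
A round trip through the `$s0$` layout described in the answer above, as an added example that is not part of the original answer or of the wg/scrypt code base. It uses Python's `hashlib.scrypt`; the function names are hypothetical, and it assumes the params field is written as hex without zero padding, so a real string can be shorter than the 82-character bound but never longer.

```python
import base64
import hashlib
import hmac
import math

SALT_BYTES = 16  # 128-bit salt (s0 format)
KEY_BYTES = 32   # 256-bit derived key (s0 format)

def b64_len(n: int) -> int:
    """Length of padded base64 for n input bytes: 4*ceil(n/3)."""
    return 4 * math.ceil(n / 3)

def max_encoded_length() -> int:
    """Upper bound: 4 '$' + 's0' + 8 hex digits + salt + key."""
    return 4 + 2 + 8 + b64_len(SALT_BYTES) + b64_len(KEY_BYTES)

def _derive(password: bytes, salt: bytes, log2_n: int, r: int, p: int) -> bytes:
    n = 1 << log2_n
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          dklen=KEY_BYTES, maxmem=256 * r * (n + p))

def encode_s0(password: bytes, salt: bytes, log2_n: int, r: int, p: int) -> str:
    if len(salt) != SALT_BYTES:
        raise ValueError("s0 requires a 16-byte salt")
    if not (0 < log2_n < 1 << 16 and 0 < r < 256 and 0 < p < 256):
        raise ValueError("parameter does not fit its params bit field")
    params = (log2_n << 16) | (r << 8) | p  # log2(N):16 | r:8 | p:8
    key = _derive(password, salt, log2_n, r, p)
    # Assumption: hex is not zero-padded, so params is usually < 8 chars.
    return "$s0$%x$%s$%s" % (params, base64.b64encode(salt).decode(),
                             base64.b64encode(key).decode())

def parse_s0(encoded: str):
    if len(encoded) > max_encoded_length():
        raise ValueError("longer than the s0 maximum")
    parts = encoded.split("$")  # '$' is not in the base64 alphabet
    if len(parts) != 5 or parts[0] != "" or parts[1] != "s0":
        raise ValueError("not an s0 string")
    params = int(parts[2], 16)
    salt = base64.b64decode(parts[3], validate=True)
    key = base64.b64decode(parts[4], validate=True)
    if len(salt) != SALT_BYTES or len(key) != KEY_BYTES:
        raise ValueError("unexpected salt or key size")
    return params >> 16, (params >> 8) & 0xFF, params & 0xFF, salt, key

def verify_s0(password: bytes, encoded: str) -> bool:
    log2_n, r, p, salt, key = parse_s0(encoded)
    return hmac.compare_digest(_derive(password, salt, log2_n, r, p), key)
```

Sizing the database column to `max_encoded_length()` and rejecting longer input in `parse_s0` keeps a truncated or malformed hash from being stored or compared silently.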