ChrisMcKee/cryptsharp

SCrypt salt issue

rushfrisby opened this issue · 1 comment

I found an issue with SCrypt that will cause it to generate the same hash every time with different salts.

First I generated a random string of characters from the full character set (char)0 - (char)65535.

```csharp
private static string NewSalt()
{
    var salt = string.Empty;
    var random = new Random();
    for (var i = 0; i < 16; i++)
    {
        salt += (char)random.Next(Char.MinValue, Char.MaxValue);
    }
    return salt;
}
```

In almost all cases my salts contain characters with high character values. When I use this to hash passwords the hashes end up being the same with different salts.

```csharp
private static string SaltAndHashPassword(string password, string salt)
{
    const int len = 64;
    const int parallel = 16;
    const int blockSize = 8;
    const int cost = 1024;

    var derivedBytes = new byte[len];
    SCrypt.ComputeKey(Encoding.ASCII.GetBytes(password), Encoding.ASCII.GetBytes(salt), cost, blockSize, parallel, null, derivedBytes);

    return new string(HexBase16.Encode(derivedBytes));
}
```

Is there something I am doing wrong or does the SCrypt algorithm not allow for characters over a certain range? When I limit the salt to (char)0 - (char)255 it works every time.

Never mind... I see the problem. Using Encoding.ASCII limits it to 0-255. I changed it to Encoding.Unicode to get the full character set and it works. Great little library you have here. Thanks.
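
The salt collapse described in this issue, reproduced with the .NET base class library only; this is an added example, not code from the issue or from CryptSharp. In .NET, `Encoding.ASCII` is a 7-bit encoding that replaces every character above U+007F with `?`, so distinct salts can reach the KDF as identical bytes. The class name `SaltEncodingDemo`, the helper `NewSaltBytes` and both sample salts are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SaltEncodingDemo // hypothetical name, not part of CryptSharp
{
    // Constructed sample salts: 16 chars each, every char above U+007F.
    const string SaltA = "\u0416\u4E2D\u00E9\u20AC\u0100\u3042\u05D0\u0E01\u0416\u4E2D\u00E9\u20AC\u0100\u3042\u05D0\u0E01";
    const string SaltB = "\u0E01\u05D0\u3042\u0100\u20AC\u00E9\u4E2D\u0416\u0E01\u05D0\u3042\u0100\u20AC\u00E9\u4E2D\u0416";

    static string Hex(byte[] bytes) => BitConverter.ToString(bytes).Replace("-", "");

    // A salt is binary data: draw it from the OS CSPRNG and keep it as bytes,
    // so no text encoding sits between generation and the KDF.
    static byte[] NewSaltBytes(int length = 16)
    {
        var salt = new byte[length];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return salt;
    }

    static void Main()
    {
        // Lossy path: each char outside ASCII is replaced with '?' (0x3F),
        // so two different salts reach the KDF as the same 16 bytes.
        byte[] asciiA = Encoding.ASCII.GetBytes(SaltA);
        byte[] asciiB = Encoding.ASCII.GetBytes(SaltB);
        Console.WriteLine($"ASCII A: {Hex(asciiA)}");
        Console.WriteLine($"ASCII B: {Hex(asciiB)}");
        Console.WriteLine($"ASCII bytes identical: {asciiA.SequenceEqual(asciiB)}");

        // Lossless path: UTF-16 keeps every code unit, so the salts stay distinct.
        byte[] utf16A = Encoding.Unicode.GetBytes(SaltA);
        byte[] utf16B = Encoding.Unicode.GetBytes(SaltB);
        Console.WriteLine($"UTF-16 bytes identical: {utf16A.SequenceEqual(utf16B)}");

        // Guard: a strict encoder throws on unencodable input.
        var strictAscii = Encoding.GetEncoding("us-ascii",
            EncoderFallback.ExceptionFallback, DecoderFallback.ExceptionFallback);
        try { strictAscii.GetBytes(SaltA); }
        catch (EncoderFallbackException ex) { Console.WriteLine($"Rejected: {ex.Message}"); }

        // Byte salt: pass it straight to the KDF, store it as Base64 next to the hash.
        byte[] salt = NewSaltBytes();
        Console.WriteLine($"Salt to store: {Convert.ToBase64String(salt)}");
    }
}
```

The array returned by `NewSaltBytes` can be passed directly as the salt argument of the `SCrypt.ComputeKey` call shown in the issue, which already takes `byte[]`.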