--- title: Scrypt Password Storage Scheme description: The Scrypt Password Storage Scheme provides a mechanism for encoding user passwords using the Scrypt key derivation function. component: pingds version: 8.1 page_id: pingds:configref:objects-scrypt-password-storage-scheme canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-scrypt-password-storage-scheme.html section_ids: parent: Parent scrypt_password_storage_scheme_properties: Scrypt Password Storage Scheme properties basic_properties: Basic properties enabled: enabled rehash-policy: rehash-policy scrypt-block-size: scrypt-block-size scrypt-cpu-memory-cost-factor-exponent: scrypt-cpu-memory-cost-factor-exponent scrypt-parallelization-parameter: scrypt-parallelization-parameter advanced_properties: Advanced properties java-class: java-class scrypt-memory-pool-size: scrypt-memory-pool-size --- # Scrypt Password Storage Scheme The Scrypt Password Storage Scheme provides a mechanism for encoding user passwords using the Scrypt key derivation function. This scheme contains an implementation for the user password syntax with a storage scheme name of "SCRYPT". ## Parent The Scrypt Password Storage Scheme object inherits from [Password Storage Scheme](objects-password-storage-scheme.html). ## Scrypt Password Storage Scheme properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | | [enabled](#enabled) [rehash-policy](#rehash-policy) [scrypt-block-size](#scrypt-block-size) [scrypt-cpu-memory-cost-factor-exponent](#scrypt-cpu-memory-cost-factor-exponent) [scrypt-parallelization-parameter](#scrypt-parallelization-parameter) | [java-class](#java-class) [scrypt-memory-pool-size](#scrypt-memory-pool-size) | ### Basic properties Use the `--advanced` option to access advanced properties. ### enabled | | | | ----------------------- | ----------------------------------------------------------------- | | *Synopsis* | Indicates whether the Password Storage Scheme is enabled for use. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### rehash-policy | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Indicates whether the server should rehash passwords after the cost has been changed. | | *Description* | Passwords will be rehashed when a user successfully authenticates. Note that rehashing will increase the write load on the server. | | *Default value* | never | | *Allowed values* | * always: Rehash passwords when the cost is increased or decreased. * never: Never rehash passwords when the cost changes. Only rehash passwords when the password is modified. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### scrypt-block-size | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The block size for the digest in bytes that will be used to encode passwords. | | *Description* | The value must be greater than or equal to one. The amount of memory that will be temporarily consumed in the course of generating the password is 128\*2^N\*r bytes, where "N" represents the CPU/memory cost factor exponent and "r" represents the configured block size. The Scrypt Password Storage Scheme will not permit the total memory consumption per password encoding to exceed the `scrypt-memory-pool-size`. | | *Default value* | 8 | | *Allowed values* | An integer.Lower limit: 1. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### scrypt-cpu-memory-cost-factor-exponent | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The power of 2 (ie exponent) used for the CPU/memory cost factor. | | *Description* | The value must be less than (128\*r/8), where "r" represents the configured block size. The amount of memory that will be consumed in the course of generating the password is (128\*2^N\*r) bytes, where "N" represents the CPU/memory cost factor exponent and "r" represents the configured block size. The Scrypt Password Storage Scheme will not permit the total memory consumption per password encoding to exceed the `scrypt-memory-pool-size`. | | *Default value* | 14 | | *Allowed values* | An integer.Lower limit: 1.Upper limit: 30. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### scrypt-parallelization-parameter | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | *Synopsis* | The number of times that scrypt has to perform the entire encoding process to produce the final result. | | *Description* | The amount of processing required to encode a password increases linearly with the value of this parameter. If an attacker uses an scrypt implementation that supports the use of multiple threads to perform multiple encodings in parallel, then it also linearly increases the amount of memory required. | | *Default value* | 1 | | *Allowed values* | An integer.Lower limit: 1. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### java-class | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the Scrypt Password Storage Scheme implementation. | | *Default value* | org.opends.server.extensions.ScryptPasswordStorageScheme | | *Allowed values* | A Java class that extends or implements:- org.opends.server.api.PasswordStorageScheme | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No | ### scrypt-memory-pool-size | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The amount of memory dedicated to scrypt password hashing. | | *Description* | This amount of memory places an upper limit on the number of scrypt password hashes which can be computed concurrently. Every bind request using scrypt password hashing will acquire memory from this pool, and release it once computation has completed. When the pool is empty, incoming bind requests using scrypt will be paused, waiting for concurrent scrypt computation to finish and return memory to the pool. | | *Default value* | 36 mb | | *Allowed values* | Uses [size syntax](size-syntax.html).Upper limit: 400000000. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | Restart the server for changes to take effect. | | *Advanced* | Yes | | *Read-only* | No |