ScryptEncrypt Lucee Extension
Jetendo uses Scrypt for password encryption and verification. I have integrated https://github.com/wg/scrypt as new Lucee built-in functions. Scrypt is designed to make certain kinds of hardware based attacks against the password cost a lot more hardware, due to needing excessive amounts of both cpu and memory to do each operation, and you can configure how much work it does when you pass those arguments to it.
Download ScryptEncrypt Lucee Extension
Download ScryptUtil Jar Dependency.
The jar must go in lucee-server/context/lib which is usually in the tomcat folder, but jetendo's configuration moves it to /var/jetendo-server/luceevhosts/server/lucee-server/context/lib
Sample code:
<cfscript>
pass="test1234";
N=16384; // CPU cost parameter as a power of 2
r=8; // Memory cost parameter, 8 or 16 is recommended
p=1; // Parallelization parameter, 1 is recommended
hashedPassword=ScryptEncrypt(pass, N, r, p);
if(ScryptCheck(pass, hashedPassword)){
echo("matches");
}else{
echo("not matches");
}
</cfscript>