ScryptEncrypt Lucee Extension

Jetendo uses Scrypt for password encryption and verification.  I have integrated https://github.com/wg/scrypt as new Lucee built-in functions.  Scrypt is designed to make certain kinds of hardware based attacks against the password cost a lot more hardware, due to needing excessive amounts of both cpu and memory to do each operation, and you can configure how much work it does when you pass those arguments to it.

Download ScryptEncrypt Lucee Extension

Download ScryptUtil Jar Dependency.

The jar must go in lucee-server/context/lib which is usually in the tomcat folder, but jetendo's configuration moves it to /var/jetendo-server/luceevhosts/server/lucee-server/context/lib

Sample code:

<cfscript>
pass="test1234";
N=16384; // CPU cost parameter as a power of 2
r=8; // Memory cost parameter, 8 or 16 is recommended
p=1; // Parallelization parameter, 1 is recommended
hashedPassword=ScryptEncrypt(pass, N, r, p);
if(ScryptCheck(pass, hashedPassword)){
   echo("matches");
}else{
   echo("not matches");
}
</cfscript>