CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-polkadot--util-crypto

A collection of useful crypto utilities for Polkadot ecosystem projects

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

key-derivation-pbkdf.mddocs/

Password-Based Key Derivation

PBKDF2 and Scrypt implementations for password-based key derivation, providing secure methods to derive cryptographic keys from passwords with salt and iteration count parameters.

Capabilities

PBKDF2 Key Derivation

PBKDF2 (Password-Based Key Derivation Function 2) implementation for secure password-based key generation.

/**
 * Derive key using PBKDF2 algorithm
 * @param passphrase - Password/passphrase to derive from
 * @param salt - Random salt bytes (default: random 32 bytes)
 * @param rounds - Number of iterations (default: 2048)
 * @param length - Output key length in bytes (default: 64)
 * @returns Derived key bytes
 */
function pbkdf2Encode(passphrase: string, salt?: Uint8Array, rounds?: number, length?: number): Uint8Array;

Usage Example:

import { pbkdf2Encode } from "@polkadot/util-crypto";

const passphrase = "my-secure-password";
const salt = new Uint8Array(32); // Random salt
crypto.getRandomValues(salt);

// Standard PBKDF2 derivation
const key = pbkdf2Encode(passphrase, salt, 4096, 32);
console.log(key.length); // 32 bytes

Scrypt Key Derivation

Scrypt memory-hard key derivation function for enhanced security against hardware attacks.

/**
 * Derive key using Scrypt algorithm
 * @param passphrase - Password/passphrase to derive from  
 * @param salt - Random salt bytes (default: random 32 bytes)
 * @param N - CPU/memory cost parameter (default: 16384)
 * @param r - Block size parameter (default: 8)
 * @param p - Parallelization parameter (default: 1)
 * @param dkLen - Derived key length (default: 64)
 * @returns Derived key bytes
 */
function scryptEncode(passphrase: string, salt?: Uint8Array, N?: number, r?: number, p?: number, dkLen?: number): Uint8Array;

/**
 * Parse scrypt parameters from encoded bytes
 * @param data - Encoded scrypt data
 * @returns Parsed scrypt parameters
 */
function scryptFromU8a(data: Uint8Array): { salt: Uint8Array; N: number; r: number; p: number; dkLen: number };

/**
 * Encode scrypt parameters to bytes
 * @param salt - Salt bytes
 * @param N - CPU/memory cost parameter
 * @param r - Block size parameter
 * @param p - Parallelization parameter
 * @param dkLen - Derived key length
 * @returns Encoded parameters
 */
function scryptToU8a(salt: Uint8Array, N: number, r: number, p: number, dkLen: number): Uint8Array;

Usage Example:

import { scryptEncode, scryptFromU8a, scryptToU8a } from "@polkadot/util-crypto";

const passphrase = "secure-password";
const salt = new Uint8Array(32);
crypto.getRandomValues(salt);

// High-security scrypt parameters
const key = scryptEncode(passphrase, salt, 32768, 8, 1, 32);

// Encode parameters for storage
const params = scryptToU8a(salt, 32768, 8, 1, 32);

// Parse parameters back
const parsed = scryptFromU8a(params);
console.log(parsed.N); // 32768

Algorithm Comparison

AlgorithmSecuritySpeedMemory UsageUse Case
PBKDF2GoodFastLowGeneral password hashing
ScryptExcellentSlowerHighHigh-security applications

Security Recommendations

  • Salt: Always use random, unique salts for each password
  • Iterations: Use high iteration counts balanced with performance needs
  • Memory: Scrypt's memory hardness provides better protection against ASICs
  • Storage: Store salt and parameters alongside derived keys
  • Updates: Periodically increase iteration counts as hardware improves

Install with Tessl CLI

npx tessl i tessl/npm-polkadot--util-crypto

docs

address.md

base-encoding.md

crypto-init.md

ethereum.md

hashing.md

index.md

json-encryption.md

key-derivation-pbkdf.md

key-derivation.md

keypairs.md

mnemonic.md

random.md

signatures.md

tile.json