Is the Litecoin Scrypt hashing technique a threat to hashed passwords?

Loading...

Is the Litecoin Scrypt hashing technique a threat to hashed passwords?

The Bitcoin alternative, Litecoin uses a different algorithm to protect the block chain, namely Scrypt (not Sha256).
Given that GPU accelerators exists, and ASICS are due to be released, does the widespread implementation of the Litecoin network affect the implied security of my hashed password database?

Does the mere existence of consumer grade Scrypt ASICs with the ability to brute force a defined difficulty affect the implied security of hashed passwords?

The mitigation I'm hoping to hear is that the Litecoin protocol (and all clones) use crypto in a different way that makes it infeasible to use in distributed password cracking.

Solutions/Answers:

Answer 1:

No.

Litecoin uses an algorithm called scrypt which has variables that determine the amount of CPU/RAM required to compute hash. Litecoin’s scrypt parameters are fixed at N = 1024; p = 1; r = 1. (http://cryptocur.com/litecoin/)

Users of Scypt for password hashing purposes should have the parameters set much, much higher which will put password cracking out of range of Scrypt ASICs designed for Litecoin mining. After all, this is the key behind Scrypt’s design, having a tunable hashing cost.

References

Loading...