# SCryptHash() Generates an SCrypt password hash. Use this instead of the deprecated GenerateSCryptHash(). **Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D) ``` SCryptHash( input=string, costParameter=numeric, blockSize=numeric, parallelization=numeric ); ``` **Returns:** string # Arguments | Argument | Type | Required | Description | Default | |----------|------|----------|-------------|---------| | input | string | Yes | Password to hash | | | costParameter | numeric | No | CPU/memory cost (N) - must be power of 2 | 16384 | | blockSize | numeric | No | Block size (r) | 8 | | parallelization | numeric | No | Parallelization factor (p) | 1 | # Usage Notes SCrypt is a memory-hard password hashing algorithm. It's harder to attack with GPUs/ASICs than BCrypt because it requires large amounts of memory. **Parameters:** The cost parameter N must be a power of 2 (e.g. 4096, 8192, 16384). The defaults (N=16384, r=8, p=1) are reasonable for most applications. Increase N to make hashing slower and more memory-intensive. For new applications, prefer [Argon2Hash()](argon2hash.md) which is easier to tune and was specifically designed to improve on SCrypt's design. Replaces the deprecated [GenerateSCryptHash()](generatescrypthash.md). # Examples ```cfml // SCryptHash generates a memory-hard password hash // Defaults: N=16384 (CPU/memory cost), r=8 (block size), p=1 (parallelism) hash = SCryptHash( "my-secret-password" ); // Output format: $scrypt$ln=14,r=8,p=1$salt$hash // Each call produces a different hash due to random salting hash1 = SCryptHash( "password" ); hash2 = SCryptHash( "password" ); // hash1 != hash2 // Verify with SCryptVerify() isValid = SCryptVerify( "my-secret-password", hash ); // true // Custom cost parameters: N (must be a power of 2), r, p // Higher N = more memory and CPU required hash = SCryptHash( "password", 32768, 8, 1 ); ``` # Categories [Cryptography](../../categories/crypto.md) # See Also [GenerateSCryptHash()](generatescrypthash.md), [SCryptVerify()](scryptverify.md), [VerifySCryptHash()](verifyscrypthash.md)