nebulae.dotScrypt 0.3.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package nebulae.dotScrypt --version 0.3.0
                    


                    

                
NuGet\Install-Package nebulae.dotScrypt -Version 0.3.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="nebulae.dotScrypt" Version="0.3.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="nebulae.dotScrypt" Version="0.3.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="nebulae.dotScrypt" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add nebulae.dotScrypt --version 0.3.0
                    


                    

                
#r "nuget: nebulae.dotScrypt, 0.3.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package nebulae.dotScrypt@0.3.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=nebulae.dotScrypt&version=0.3.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=nebulae.dotScrypt&version=0.3.0
                    


                            Install as a Cake Tool

dotScrypt

dotScrypt is a high-performance .NET wrapper for Colin Percival's reference scrypt key derivation function, built for security, portability, and full parameter control.

This library provides native, optimized builds for Windows, Linux, and macOS (including Apple Silicon) with zero external dependencies.

dotScrypt enables direct access to scrypt_kdf() via Scrypt.Hash() through an idiomatic .NET interface, making it ideal for password hashing and cryptographic key derivation in AOT-compatible applications. Additional ergonomic wrappers have been added to: (1) encode the kdf parameters, salt, & password hash; and (2) verify those hashes against a supplied password.

A full test suite is provided in the Github repository, ensuring correctness and performance across all supported platforms.

Features

  • Supports scrypt_kdf() for secure hashing
  • Exposes both raw byte output and encoded string output
  • Full control over all parameters: memory & time cost, block size & parallelization (nothing is hidden away or hard-coded, so you can follow OWASP recommendations)
  • Cross-platform support: Windows, Linux, macOS (including Apple Silicon)
  • Ships with native, optimized builds of the scrypt kdf function: .dll, .so, .dylib
  • Built against the SIMD-optimized version of the Scrypt reference implementation
  • Requires AES-NI & SSE3 instructions sets on (x86_64 only)

Requirements

  • .NET 8.0 or later
  • AES-NI & SSE3 capable CPU (for x86_64 builds)
  • Windows x64, Linux x64, or macOS x64/arm64

Usage

For general usage, it is recommended to use the encoded string output for password hashing. If you do so you can use the built-in verification functions. Otherwise, you must re-compute the hash using the same original settings and compare the raw hashes yourself.

Scrypt.HashPassword() defaults to the current OWASP recommended parameters, but you can override any and all parameters as needed.

The following example demonstrates how to hash a password and verify it:


using nebulae.dotScrypt;

// Hash the password with full parameter control
string encoded = Scrypt.HashPassword(
    password: "correct horse battery staple",
    hashLength: 64,
    saltLength: 16,
    N: 131072,          // CPU/memory cost (2^17)
    r: 8,               // block size
    p: 1                // parallelism
);

// Store `encoded` in your database

// Later, verify a login attempt
bool isValid = Scrypt.Verify("correct horse battery staple", encoded);

Console.WriteLine(isValid ? "Password is valid" : "Invalid password");

Installation

You can install the package via NuGet:


$ dotnet add package nebulae.dotScrypt

Or via git:


$ git clone https://github.com/nebulaeonline/dotScrypt.git
$ cd dotScrypt
$ dotnet build

License

MIT

Roadmap

The library is feature complete and stable, but if you have any feature requests, suggestions, or concerns, please open an issue on the GitHub repository. Contributions are welcome.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.3.0 271 6/10/2025