Firebase authentication: What do the scrypt password hash parameters mean?

Question

what are the functions of different parameters in firebase authentication

I searched the internet to get the information of the these parameters, but I was unsuccessful. What is the difference between rounds and mem_cost?What does Bw== in salt seperator mean

hash_config {
  algorithm: SCRYPT,
  base64_signer_key: jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA==,
  base64_salt_separator: Bw==,
  rounds: 8,
  mem_cost: 14,
}

Could you edit the question to say more about where you saw these parameters, and the code you used to generate what you're showing now? — Doug Stevenson, Aug 12 '19 at 17:29
i saw these parameters in firebase authentication,(password hash parameters) from the menu — Katta Omkareshwar, Aug 12 '19 at 17:55

score 1 · Answer 1 · edited Jun 20 '20 at 09:12

1

Firebase Authentication uses an internal version of the scrypt password-based key derivation function to hash account passwords.

Unique hash parameters are generated for each Firebase project. These may be viewed in:

Firebase Console > Authentication > Users

Select Password Hash Parameters from the drop down in the upper-right hand corner of the users table.

Firebase Scrypt Parameters

algorithm - SCRYPT
base64_signer_key - The public key of the signer
base64_salt_separator - The separator to use when concatenating the hash with the salt
rounds - The blocksize parameter, which fine-tunes sequential memory read size and performance. An integer between 0 and 120000 (inclusive).
mem_cost - The memory cost. An integer between 1 and 14 (inclusive)

Additional Resources

Firebase Authentication Password Hashing
stackoverflow: What are optimal scrypt work factors?
The Scrypt Parameters

edited Jun 20 '20 at 09:12

Community

1
1

answered Aug 12 '19 at 18:15

Christopher Peisert

21,862
3
86
117

could you explain what is the difference between rounds and memory cost? – Katta Omkareshwar Aug 12 '19 at 18:19
@KattaOmkareshwar See updated information on hash parameters. – Christopher Peisert Aug 12 '19 at 20:43
It looks like the upper-right hand corner of the users table in the Firebase console no longer contains a drop down; is there any updated information on how to inspect the password hash parameters for a given project? – djc Nov 04 '21 at 13:05
1

@ChristopherPeisert thanks! I previously only had Viewer privileges on the Firebase project, which apparently is not enough to have access to the password hash parameters. Once I gained Owner privileges, the three dots appeared. – djc Nov 08 '21 at 13:25

score -4 · Answer 2 · edited Oct 19 '20 at 07:53

-4

hash_config {
  algorithm: SCRYPT,
  base64_signer_key: ecUEAYeNIvBmRWc+TvdNG+EaHzoABQnQeDWLva2/Onb2iTTxVDTUZ7KdXlQpxD7pVmcM9LR6L9QzCnI8mjR64A==,
  base64_salt_separator: Bw==,
  rounds: 8,
  mem_cost: 14,
}

edited Oct 19 '20 at 07:53

Pierre.Vriens

2,117
75
29
42

answered Oct 18 '20 at 07:51

user14471337

1
1

3

Please don't post only code as answer, but also provide an explanation what your code does and how it solves the problem of the question. Answers with an explanation are usually more helpful and of better quality, and are more likely to attract upvotes. – Mark Rotteveel Oct 19 '20 at 09:10

Firebase authentication: What do the scrypt password hash parameters mean?

2 Answers2

Firebase Scrypt Parameters

Additional Resources