spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

The SCrypt class does not exist, but it is used in the internal implementation of SCryptPasswordEncoder #16014

Closed chuchuice closed 3 weeks ago

chuchuice commented 3 weeks ago

The problem

The SCrypt class does not exist, but it is used in the internal implementation of SCryptPasswordEncoder. SCrypt isn't in the package org.springframework.security.crypto.scrypt.

To Reproduce

The SCrypt class must exist and implement the generate method.

Expected behavior

SCrypt encryption will work without compilation errors.

Sample

private boolean decodeAndCheckMatches(CharSequence rawPassword, String encodedPassword) {
        String[] parts = encodedPassword.split("\\$");
        ...
        byte[] generated = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization,
                this.keyLength);
        return MessageDigest.isEqual(derived, generated);
}

And

private String digest(CharSequence rawPassword, byte[] salt) {
        byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, this.cpuCost, this.memoryCost,
                this.parallelization, this.keyLength);
        ...
}

ngocnhan-tran1996 commented 3 weeks ago

From the codebase,

SCrypt comes from org.bouncycastle.crypto.generators

And https://github.com/spring-projects/spring-security/blob/7ba8986506daca7df716b7fed1ff23aee1cb1b92/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java#L45-L47

so you need to add a dependency, e.g. org.bouncycastle:bcprov-jdk18on, if you want to use it

sjohnr commented 3 weeks ago

@chuchuice the org.bouncycastle:bcpkix-jdk18on dependency is optional for spring-security-crypto. Make sure you add that library to your dependencies to use the SCryptPasswordEncoder.
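
A fail-fast check for the situation in this thread, as an added example (not code from Spring Security or from the commenters): it confirms the Bouncy Castle SCrypt class is on the classpath before building the encoder, then does an encode/match round trip. It assumes Spring Security 5.8 or later; the class name ScryptEncoderCheck and the sample password are constructed for illustration.

```java
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

// Hypothetical helper class, not part of Spring Security.
public final class ScryptEncoderCheck {

    // Bouncy Castle class that SCryptPasswordEncoder calls (SCrypt.generate in the snippets above).
    private static final String BC_SCRYPT = "org.bouncycastle.crypto.generators.SCrypt";

    // Builds the encoder only after confirming the optional dependency is present,
    // so a missing jar is reported with an actionable message.
    static PasswordEncoder scryptEncoder() {
        try {
            // initialize=false: only check that the class can be found, do not run its static init.
            Class.forName(BC_SCRYPT, false, ScryptEncoderCheck.class.getClassLoader());
        } catch (ClassNotFoundException ex) {
            throw new IllegalStateException(BC_SCRYPT + " not found on the classpath; add "
                    + "org.bouncycastle:bcprov-jdk18on to use SCryptPasswordEncoder", ex);
        }
        // Assumption: Spring Security 5.8+; this factory method supplies the current default cost parameters.
        return SCryptPasswordEncoder.defaultsForSpringSecurity_v5_8();
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = scryptEncoder();
        String raw = "correct horse battery staple"; // constructed sample password

        String encoded = encoder.encode(raw);
        // The stored form is "$params$salt$derived", which is why the encoder splits on "$".
        if (encoded.split("\\$").length != 4) {
            throw new AssertionError("unexpected encoded format: " + encoded);
        }
        if (!encoder.matches(raw, encoded)) {
            throw new AssertionError("correct password did not match");
        }
        if (encoder.matches("wrong password", encoded)) {
            throw new AssertionError("wrong password matched");
        }
        System.out.println("scrypt round trip OK: " + encoded);
    }
}
```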