SCryptPasswordEncoder provides encode() method but the salt is generated internally each time call the method.
To reproduce scrypt encoded password, it should also allow to pass salt in parameter.
it could be very useful in many ways. For example, 1. user enters password which is gonna be used as a key to encrypt data 2. for security, encode password with scrypt 3. encrypted data is stored in any storage(and not encoded key) 4. to decrypt data, user enters password and then reproduce scrypt key to decrypt
Comment From: marcusdacoregio
Hi, @ChrisCho-H. The idea of the salt is really to be randomly generated each time you encode a password, so two same strings become different hashes.
Comment From: ChrisCho-H
I know. What I meant is to generate random byte outside of module and use that as a salt parameter, so that reproduce scrypt key. as scrypt key is also used to encrypt and delay attack like brute force, there's a plenty of usage to reproduce key with salt known. https://crypto.stackexchange.com/questions/99501/salt-value-in-scrypt-algorithm
Comment From: marcusdacoregio
I don't see how the question that you linked relates to what you are asking. If you want, you can specify the saltGenerator inside the SCrypt implementation.