fix(scrypt): correct maxmem calculation to use parameter p for memory allocation

AdityaKirad · AdityaKirad · commit 03774b01b861 · 2025-06-15T10:18:49.000+05:30
diff --git a/app/utils/auth.server.ts b/app/utils/auth.server.ts
@@ -319,7 +319,7 @@ async function generateKey(
 				N: SCRYPT_PARAMS.N,
 				r: SCRYPT_PARAMS.r,
 				p: SCRYPT_PARAMS.p,
-				maxmem: 128 * SCRYPT_PARAMS.N * SCRYPT_PARAMS.r * 2,
+				maxmem: 128 * SCRYPT_PARAMS.N * SCRYPT_PARAMS.r * SCRYPT_PARAMS.p * 2,
 			},
 			(err, key) => {
 				if (err) reject(err)
diff --git a/docs/decisions/045-scrypt-migration.md b/docs/decisions/045-scrypt-migration.md
@@ -43,11 +43,11 @@ These parameters were chosen to:
 - Maintain acceptable performance characteristics
 
 The actual scrypt options object includes an additional `maxmem` parameter set
-to `128 * N * r * 2`, which is approximately 64MiB for our parameters. This is
-explicitly set because Node.js has an internal default memory limit of 32 MiB.
-By setting this parameter, we're telling Node.js that twice the estimated memory
-(64 MiB) is allowed for this operation, ensuring optimal performance while
-maintaining security.
+to `128 * N * r * p * 2`, which is approximately 64MiB for our parameters. This
+is explicitly set because Node.js has an internal default memory limit of 32
+MiB. By setting this parameter, we're telling Node.js that twice the estimated
+memory (64 MiB) is allowed for this operation, ensuring optimal performance
+while maintaining security.
 
 ## Implementation Changes
 
diff --git a/tests/db-utils.ts b/tests/db-utils.ts
@@ -35,7 +35,7 @@ export function createPassword(password: string = faker.internet.password()) {
 		N: 2 ** 14,
 		r: 16,
 		p: 1,
-		maxmem: 128 * 2 ** 14 * 16 * 2,
+		maxmem: 128 * 2 ** 14 * 16 * 1 * 2,
 	})
 	return {
 		hash: `${salt}:${hash.toString('hex')}`,
