Scrypt

Scrypt is a password-based key derivation function that, like Argon2, is deliberately memory-hard: computing a single hash requires holding a large block of data in RAM, which dramatically raises the cost of building GPU or ASIC cracking rigs. It takes three parameters: N (cost factor, memory and time), r (block size), and p (parallelism). Scrypt predates Argon2 by six years and is still a sound choice when Argon2 is not available; OWASP recommends `N=2^17, r=8, p=1` as a 2024-era baseline. It is also the proof-of-work function behind Litecoin and Dogecoin, chosen specifically because it resisted ASIC mining for years.