Hi there,
I'm noticing an interesting behaviour, and I'm wondering if it's expected or not. Specifically:
crypto_scrypt(password, password_len, salt, salt_len, 1 << 14, 8, 1, out, out_len);
is returning the same output for the inputs "password" (no null terminator) and "password\0" (including the null terminator). With a 32-byte salt that's all null bytes, I get the following output for both (32 bytes):
A8 28 D8 35 80 11 0C C6
C8 39 C6 1F E9 F0 09 60
42 34 E2 F0 1E 78 98 D2
CB F5 88 7C DB F5 2D 5D
This also seems to hold if I add two null bytes on the end, etc. I'm wondering if this is something that's expected, and if someone else could confirm for me? It's possible I'm screwing something up here, but I've printed the input password / length in the crypto_scrypt function right before the first call to PBKDF2_SHA256, and it appears that the inputs are in fact different.
Thanks,
--Andrew D
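
The behaviour reported above can be reproduced as follows. This is an added example, not code from the original post or from the scrypt project. It shows that HMAC-SHA256, which PBKDF2_SHA256 keys with the password, right-pads keys shorter than its 64-byte block with zero bytes (RFC 2104), so the two inputs yield the same key. Assumptions: Python's hashlib.scrypt stands in for crypto_scrypt, the helper names are hypothetical, and the pre-hash workaround is one possible approach rather than anything the post proposes.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-256 block size in bytes

def hmac_effective_key(key: bytes) -> bytes:
    """Key as HMAC-SHA256 uses it (RFC 2104): a key longer than one block is
    hashed first, then the key is right-padded with zero bytes to 64 bytes."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    return key.ljust(BLOCK, b"\x00")

def same_hmac(a: bytes, b: bytes, msg: bytes = b"constructed message") -> bool:
    """True when keys a and b produce the same HMAC-SHA256 tag for msg."""
    tag = lambda k: hmac.new(k, msg, hashlib.sha256).digest()
    return hmac.compare_digest(tag(a), tag(b))

def derive(password: bytes, salt: bytes = bytes(32)) -> bytes:
    """scrypt with the post's parameters: N = 1 << 14, r = 8, p = 1, 32 bytes
    out, all-zero 32-byte salt. hashlib.scrypt stands in for crypto_scrypt."""
    return hashlib.scrypt(password, salt=salt, n=1 << 14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def derive_prehashed(password: bytes, salt: bytes = bytes(32)) -> bytes:
    """Assumed workaround, not from the post: hash the password first so that
    trailing zero bytes change the key material handed to scrypt."""
    return derive(hashlib.sha256(password).digest(), salt)

if __name__ == "__main__":
    # Constructed inputs: the two from the post plus two controls.
    for pw in (b"password", b"password\x00", b"password\x00\x00", b"passwore"):
        print(f"{pw!r:24} hmac_key={hmac_effective_key(pw)[:10].hex()} "
              f"scrypt={derive(pw).hex()[:16]} "
              f"prehashed={derive_prehashed(pw).hex()[:16]}")
```

Passwords longer than 64 bytes are hashed before padding, so appending a zero byte to those does change the output.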