Replace SCrypt with BCrypt

SCrypt seems to leave dangling memory. Using the recommended memory cost
parameter of 8 will result in ~100mb of memory lingering in the JVM per
player log-in. Lowering the parameter down to 1 drops it down to 20-35mb
per player, but this still leaves a lot to be desired in comparison to
BCrypt, which doesn't leave a big block of excess memory in the JVM.

game/build.gradle

@@ -34,7 +34,7 @@ dependencies {
     compile group: 'io.github.classgraph', name: 'classgraph', version: classGraphVersion
     compile group: 'it.unimi.dsi', name: 'fastutil', version: fastUtilVersion
 
-    implementation group: 'com.lambdaworks', name: 'scrypt', version: scryptVersion
+    implementation group: 'org.mindrot', name: 'jbcrypt', version: bcryptVersion
     implementation group: 'io.netty', name: 'netty-all', version: nettyVersion
     implementation group: 'com.google.guava', name: 'guava', version: guavaVersion
     implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: bouncycastleVersion

game/src/main/kotlin/gg/rsmod/game/service/serializer/PlayerSerializerService.kt

@@ -1,6 +1,5 @@
 package gg.rsmod.game.service.serializer
 
-import com.lambdaworks.crypto.SCryptUtil
 import gg.rsmod.game.Server
 import gg.rsmod.game.model.Tile
 import gg.rsmod.game.model.World
@@ -9,6 +8,7 @@ import gg.rsmod.game.model.entity.Client
 import gg.rsmod.game.service.Service
 import gg.rsmod.net.codec.login.LoginRequest
 import gg.rsmod.util.ServerProperties
+import org.mindrot.jbcrypt.BCrypt
 
 /**
  * A [Service] that is responsible for encoding and decoding player data.
@@ -36,7 +36,7 @@ abstract class PlayerSerializerService : Service {
     fun configureNewPlayer(client: Client, request: LoginRequest) {
         client.attr.put(NEW_ACCOUNT_ATTR, true)
 
-        client.passwordHash = SCryptUtil.scrypt(request.password, 16384, 8, 1)
+        client.passwordHash = BCrypt.hashpw(request.password, BCrypt.gensalt(16))
         client.tile = startTile
     }
 

game/src/main/kotlin/gg/rsmod/game/service/serializer/json/JsonPlayerSerializer.kt

@@ -3,7 +3,6 @@ package gg.rsmod.game.service.serializer.json
 import com.fasterxml.jackson.annotation.JsonProperty
 import com.google.gson.Gson
 import com.google.gson.GsonBuilder
-import com.lambdaworks.crypto.SCryptUtil
 import gg.rsmod.game.Server
 import gg.rsmod.game.model.PlayerUID
 import gg.rsmod.game.model.Tile
@@ -20,6 +19,7 @@ import gg.rsmod.game.service.serializer.PlayerSerializerService
 import gg.rsmod.net.codec.login.LoginRequest
 import gg.rsmod.util.ServerProperties
 import mu.KLogging
+import org.mindrot.jbcrypt.BCrypt
 import java.nio.file.Files
 import java.nio.file.Path
 import java.nio.file.Paths
@@ -63,7 +63,7 @@ class JsonPlayerSerializer : PlayerSerializerService() {
                  * If the [request] is not a [LoginRequest.reconnecting] request, we have to
                  * verify the password is correct.
                  */
-                if (!SCryptUtil.check(request.password, data.passwordHash)) {
+                if (!BCrypt.checkpw(request.password, data.passwordHash)) {
                     return PlayerLoadResult.INVALID_CREDENTIALS
                 }
             } else {

gradle/properties.gradle

@@ -8,7 +8,7 @@ ext {
     reflectionsVersion = '0.9.11'
     runeliteVersion = 'runelite-parent-1.5.2.1'
     commonsIoVersion = '2.4'
-    scryptVersion = '1.4.0'
+    bcryptVersion = '0.4'
     bouncycastleVersion = '1.54'
     z4jVersion = '1.3.2'
     jsoupVersion = '1.11.2'