From d1308d3b3adabb1978047bf21a8259feca69802b Mon Sep 17 00:00:00 2001
From: Tom0017
Date: Mon, 8 Apr 2019 18:31:32 -0400
Subject: [PATCH] Replace SCrypt with BCrypt

SCrypt seems to leave dangling memory. Using the recommended memory cost parameter of 8 will result in ~100mb of memory lingering in the JVM per player log-in. Lowering the parameter down to 1 drops it down to 20-35mb per player, but this still leaves a lot to be desired in comparison to BCrypt, which doesn't leave a big block of excess memory in the JVM.
---
 game/build.gradle | 2 +-
 .../rsmod/game/service/serializer/PlayerSerializerService.kt | 4 ++--
 .../game/service/serializer/json/JsonPlayerSerializer.kt | 4 ++--
 gradle/properties.gradle | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/game/build.gradle b/game/build.gradle
index 50e488c757..117325e4bd 100644
--- a/game/build.gradle
+++ b/game/build.gradle
@@ -34,7 +34,7 @@ dependencies {
 compile group: 'io.github.classgraph', name: 'classgraph', version: classGraphVersion
 compile group: 'it.unimi.dsi', name: 'fastutil', version: fastUtilVersion
- implementation group: 'com.lambdaworks', name: 'scrypt', version: scryptVersion
+ implementation group: 'org.mindrot', name: 'jbcrypt', version: bcryptVersion
 implementation group: 'io.netty', name: 'netty-all', version: nettyVersion
 implementation group: 'com.google.guava', name: 'guava', version: guavaVersion
 implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: bouncycastleVersion
diff --git a/game/src/main/kotlin/gg/rsmod/game/service/serializer/PlayerSerializerService.kt b/game/src/main/kotlin/gg/rsmod/game/service/serializer/PlayerSerializerService.kt
index 4d413ec02b..84cd9c9f17 100644
--- a/game/src/main/kotlin/gg/rsmod/game/service/serializer/PlayerSerializerService.kt
+++ b/game/src/main/kotlin/gg/rsmod/game/service/serializer/PlayerSerializerService.kt
@@ -1,6 +1,5 @@
 package gg.rsmod.game.service.serializer
-import com.lambdaworks.crypto.SCryptUtil
 import gg.rsmod.game.Server
 import gg.rsmod.game.model.Tile
 import gg.rsmod.game.model.World
@@ -9,6 +8,7 @@ import gg.rsmod.game.model.entity.Client
 import gg.rsmod.game.service.Service
 import gg.rsmod.net.codec.login.LoginRequest
 import gg.rsmod.util.ServerProperties
+import org.mindrot.jbcrypt.BCrypt
 /**
 * A [Service] that is responsible for encoding and decoding player data.
@@ -36,7 +36,7 @@ abstract class PlayerSerializerService : Service {
 fun configureNewPlayer(client: Client, request: LoginRequest) {
 client.attr.put(NEW_ACCOUNT_ATTR, true)
- client.passwordHash = SCryptUtil.scrypt(request.password, 16384, 8, 1)
+ client.passwordHash = BCrypt.hashpw(request.password, BCrypt.gensalt(16))
 client.tile = startTile
 }
diff --git a/game/src/main/kotlin/gg/rsmod/game/service/serializer/json/JsonPlayerSerializer.kt b/game/src/main/kotlin/gg/rsmod/game/service/serializer/json/JsonPlayerSerializer.kt
index 711637889f..5f9f623f02 100644
--- a/game/src/main/kotlin/gg/rsmod/game/service/serializer/json/JsonPlayerSerializer.kt
+++ b/game/src/main/kotlin/gg/rsmod/game/service/serializer/json/JsonPlayerSerializer.kt
@@ -3,7 +3,6 @@ package gg.rsmod.game.service.serializer.json
 import com.fasterxml.jackson.annotation.JsonProperty
 import com.google.gson.Gson
 import com.google.gson.GsonBuilder
-import com.lambdaworks.crypto.SCryptUtil
 import gg.rsmod.game.Server
 import gg.rsmod.game.model.PlayerUID
 import gg.rsmod.game.model.Tile
@@ -20,6 +19,7 @@ import gg.rsmod.game.service.serializer.PlayerSerializerService
 import gg.rsmod.net.codec.login.LoginRequest
 import gg.rsmod.util.ServerProperties
 import mu.KLogging
+import org.mindrot.jbcrypt.BCrypt
 import java.nio.file.Files
 import java.nio.file.Path
 import java.nio.file.Paths
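Review bot: The work factor in `BCrypt.gensalt(16)` in `configureNewPlayer` (PlayerSerializerService.kt, the `@@ -36,7 +36,7 @@` hunk) is hard-coded, and 2^16 rounds in a pure-Java bcrypt can cost seconds of CPU per hash. Because the cost is stored inside the hash, every later password check for that account pays the same price, on a path driven by login requests that are not yet authenticated. Read the rounds from server configuration instead, e.g. `BCrypt.hashpw(request.password, BCrypt.gensalt(bcryptLogRounds))` where `bcryptLogRounds` is a new configurable value, and add a comment recording why that cost was chosen. Whether hashing runs off the game thread and whether login attempts are rate-limited is not visible in this hunk and is worth confirming.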
@@ -63,7 +63,7 @@ class JsonPlayerSerializer : PlayerSerializerService() {
 * If the [request] is not a [LoginRequest.reconnecting] request, we have to
 * verify the password is correct.
 */
- if (!SCryptUtil.check(request.password, data.passwordHash)) {
+ if (!BCrypt.checkpw(request.password, data.passwordHash)) {
 return PlayerLoadResult.INVALID_CREDENTIALS
 }
 } else {
diff --git a/gradle/properties.gradle b/gradle/properties.gradle
index d7b588b292..d60b3c0929 100644
--- a/gradle/properties.gradle
+++ b/gradle/properties.gradle
@@ -8,7 +8,7 @@ ext {
 reflectionsVersion = '0.9.11'
 runeliteVersion = 'runelite-parent-1.5.2.1'
 commonsIoVersion = '2.4'
- scryptVersion = '1.4.0'
+ bcryptVersion = '0.4'
 bouncycastleVersion = '1.54'
 z4jVersion = '1.3.2'
 jsoupVersion = '1.11.2'
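Review bot: `BCrypt.checkpw(request.password, data.passwordHash)` in JsonPlayerSerializer.kt (the `@@ -63,7 +63,7 @@` hunk) will receive SCrypt-format hashes for every account saved before this commit, and jBCrypt throws `IllegalArgumentException` on a hash without a bcrypt `$2` prefix instead of returning false. Unless a caller outside the hunk catches it, those players get an exception rather than `INVALID_CREDENTIALS` or a successful login. Guard the call so it fails closed, e.g. `if (!data.passwordHash.startsWith("\$2") || !BCrypt.checkpw(request.password, data.passwordHash)) {`. Also decide explicitly how legacy hashes are migrated: either a forced password reset, or verify-then-rehash while the old library is still on the classpath. The enclosing function starts and ends outside the hunk.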