It's taken me far longer for the penny to drop than it probably should have, but If I understand well, scrypt.hash is misinterpreting the N parameter.
In the params for scrypt.kdf, the N is actually logN – which while the naming is a little confusing, is much easier to work with than N itself, and I like.
However, in the params for scrypt.hash, the N parameter is actually N.
Hence scrypt.hash treats { N: 16, r: 8, p: 1} as if it were { N: 4, r: 8, p: 1}, resulting in a work factor of 16 instead of 65536.
It's taken me far longer for the penny to drop than it probably should have, but If I understand well,
scrypt.hashis misinterpreting theNparameter.In the params for
scrypt.kdf, theNis actually logN – which while the naming is a little confusing, is much easier to work with thanNitself, and I like.However, in the params for
scrypt.hash, theNparameter is actuallyN.Hence
scrypt.hashtreats{ N: 16, r: 8, p: 1}as if it were{ N: 4, r: 8, p: 1}, resulting in a work factor of 16 instead of 65536.