Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.138 -r1.139
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl	25 Sep 2025 11:28:38 -0000	1.138
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl	21 Oct 2025 16:17:10 -0000	1.139
@@ -776,8 +776,23 @@
 
             @return hex encoded password hash (128 bytes)
         } {
+            lassign [split [ns_info patchlevel] .] major minor patchlevel
+            if {$major < 5 && $patchlevel < 31} {
+                ns_log notice "warning: this version of NaviServer returns results for flipped arguments." \
+                    "When upgrading to newer versions, scrypt-16384-1-8 will return compatible results"
+            }
             return [::ns_crypto::scrypt -secret $password -salt $salt -n 16384 -r 8 -p 1]
         }
+        ad_proc -private scrypt-16384-1-8 {password salt} {
+
+            Compute a "password hash" using the scrypt password based
+            key derivation function (RFC 7914)- Flipped argument
+            version for bug compatibility.
+
+            @return hex encoded password hash (128 bytes)
+        } {
+            return [::ns_crypto::scrypt -secret $password -salt $salt -n 16384 -r 1 -p 8]
+        }
     }
 
     if {[::acs::icanuse "ns_crypto::argon2"]} {