[−][src]Module orion::hazardous::kdf::pbkdf2
PBKDF2-HMAC-SHA512 (Password-Based Key Derivation Function 2) as specified in the RFC 8018.
Parameters:
password
: Password.salt
: Salt value.iterations
: Iteration count.dst_out
: Destination buffer for the derived key. The length of the derived key is implied by the length ofdst_out
.expected
: The expected derived key.
Errors:
An error will be returned if:
- The length of
dst_out
is less than 1. - The specified iteration count is less than 1.
- The hashed password does not match the expected when verifying.
Panics:
A panic will occur if:
- The length of
dst_out
is greater than (2^32 - 1) * 64.
Security:
- Use
Password::generate()
to randomly generate a password of 128 bytes. - Salts should always be generated using a CSPRNG.
util::secure_rand_bytes()
can be used for this. - The recommended length for a salt is 64 bytes.
- The iteration count should be set as high as feasible. The recommended minimum is 100000.
Example:
use orion::{hazardous::kdf::pbkdf2, util}; let mut salt = [0u8; 64]; util::secure_rand_bytes(&mut salt)?; let password = pbkdf2::Password::from_slice("Secret password".as_bytes())?; let mut dst_out = [0u8; 64]; pbkdf2::derive_key(&password, &salt, 10000, &mut dst_out)?; let expected_dk = dst_out; assert!(pbkdf2::verify(&expected_dk, &password, &salt, 10000, &mut dst_out).is_ok());
Structs
Password | A type to represent the |
Functions
derive_key | PBKDF2-SHA512 (Password-Based Key Derivation Function 2) as specified in the RFC 8018. |
verify | Verify PBKDF2-HMAC-SHA512 derived key in constant time. |