pub enum KdfPasswordAlgorithm {
    Argon2(Option<Argon2Params>),
    Pbkdf2 {
        hash: HashAlgorithm,
        c: Option<u32>,
    },
}
Password-based Key Derivation Function algorithm enumeration.
§Algorithm Selection
Choose based on your security and compatibility requirements:
- Argon2: Recommended for new applications (better security)
- PBKDF2: Use for legacy compatibility or resource constraints
Variants§
Argon2(Option<Argon2Params>)
Argon2 memory-hard password hashing function.
§Properties
- Type: Memory-hard function
- Standard: RFC 9106
- Resistance: GPU, FPGA, ASIC attacks
- Parameters: Memory, time, parallelism costs
§Variants
- Some(params): Custom parameters for specific requirements
- None: Default parameters suitable for most applications
Pbkdf2
PBKDF2 time-hard password-based key derivation function.
§Properties
- Type: Time-hard function
- Standard: RFC 2898, PKCS #5
- Resistance: Basic brute-force attacks
- Parameters: Hash function, iteration count
§Configuration
- hash: Underlying hash function (SHA-256/384/512)
- c: Iteration count (Some(count) for custom, None for default)
Implementations§
impl KdfPasswordAlgorithm
pub fn build() -> KdfPasswordAlgorithmBuilder
Creates a new password-based KDF algorithm builder.
§Returns
A builder that provides access to different password-based KDF algorithms. Use the builder methods to select the specific algorithm and parameters.
§Examples
use seal_crypto_wrapper::algorithms::kdf::passwd::KdfPasswordAlgorithm;
// Default configurations
let argon2 = KdfPasswordAlgorithm::build().argon2_default();
let pbkdf2 = KdfPasswordAlgorithm::build().pbkdf2_sha256_default();
// Custom configurations
let custom_argon2 = KdfPasswordAlgorithm::build().argon2_with_params(65536, 3, 4);
let custom_pbkdf2 = KdfPasswordAlgorithm::build().pbkdf2_sha256_with_params(100000);
impl KdfPasswordAlgorithm
pub fn into_wrapper(self) -> KdfPasswordWrapper
Converts the algorithm enum into a concrete wrapper implementation.
§Purpose
This method creates a wrapper that implements the password-based KDF algorithm trait, enabling actual cryptographic operations like key derivation from passwords with appropriate computational cost to resist brute-force attacks.
§Returns
A KdfPasswordWrapper that can perform:
- Password-based key derivation
- Salt-based key separation
- Configurable computational cost
- Secure password verification
§Examples
use seal_crypto_wrapper::algorithms::kdf::passwd::KdfPasswordAlgorithm;
use seal_crypto_wrapper::prelude::SecretBox;
// The `?` operator below assumes this code runs inside a function that returns a Result.
// Argon2 for new applications (recommended)
let argon2_alg = KdfPasswordAlgorithm::build().argon2_default();
let argon2_kdf = argon2_alg.into_wrapper();
let password = SecretBox::new(Box::from(b"my-secret-password".as_slice()));
// Fixed salt for illustration only (this literal is 20 bytes long, despite its name);
// generate a unique random salt for each password in real use.
let salt = b"random_salt_16_bytes";
let derived_key = argon2_kdf.derive(&password, salt, 32)?;
// PBKDF2 for compatibility
let pbkdf2_alg = KdfPasswordAlgorithm::build().pbkdf2_sha256_with_params(100000);
let pbkdf2_kdf = pbkdf2_alg.into_wrapper();
let key2 = pbkdf2_kdf.derive(&password, salt, 32)?;
§Security Best Practices
When using the wrapper:
- Use Random Salts: Generate unique salts for each password
- Sufficient Cost: Use appropriate computational cost parameters
- Secure Storage: Store salts and derived keys securely
- Regular Updates: Update cost parameters as hardware improves
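The "Regular Updates" practice above, sketched as an added example that is not part of seal_crypto_wrapper or its documentation: an audit that decides whether a stored KDF configuration should be re-derived at the next successful login. The types are local stand-ins mirroring the enum on this page; the Argon2Params field names, the Policy and Verdict types, and the threshold values (borrowed from the page's builder examples, not recommendations) are assumptions.

```rust
// Local stand-ins that mirror the shape of the enum documented on this page.
// Argon2Params field names are assumptions, not the crate's definition.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Argon2Params { pub m_cost_kib: u32, pub t_cost: u32, pub p_cost: u32 }
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum HashAlgorithm { Sha256, Sha384, Sha512 }
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum KdfPasswordAlgorithm {
    Argon2(Option<Argon2Params>),
    Pbkdf2 { hash: HashAlgorithm, c: Option<u32> },
}

/// Hypothetical minimum-cost policy (constructed values; tune on target hardware).
pub struct Policy { pub argon2: Argon2Params, pub pbkdf2_min_iters: u32 }

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Ok,
    /// The record says "library default", so it does not state the cost used.
    Unpinned,
    /// Re-derive with this configuration at the next successful login.
    Rehash(KdfPasswordAlgorithm),
}

pub fn audit(stored: KdfPasswordAlgorithm, policy: &Policy) -> Verdict {
    use KdfPasswordAlgorithm::*;
    match stored {
        Argon2(None) | Pbkdf2 { c: None, .. } => Verdict::Unpinned,
        // Memory and time are the work factors; parallelism is not compared.
        Argon2(Some(p)) if p.m_cost_kib >= policy.argon2.m_cost_kib
            && p.t_cost >= policy.argon2.t_cost => Verdict::Ok,
        Argon2(Some(_)) => Verdict::Rehash(Argon2(Some(policy.argon2))),
        Pbkdf2 { c: Some(c), .. } if c >= policy.pbkdf2_min_iters => Verdict::Ok,
        // Keep the same hash function so legacy consumers still interoperate.
        Pbkdf2 { hash, .. } => {
            Verdict::Rehash(Pbkdf2 { hash, c: Some(policy.pbkdf2_min_iters) })
        }
    }
}

pub fn sample_policy() -> Policy {
    let argon2 = Argon2Params { m_cost_kib: 65536, t_cost: 3, p_cost: 4 };
    Policy { argon2, pbkdf2_min_iters: 100_000 }
}

fn main() {
    let old = KdfPasswordAlgorithm::Pbkdf2 { hash: HashAlgorithm::Sha256, c: Some(10_000) };
    println!("{:?}", audit(old, &sample_policy()));
}
```

Records flagged Unpinned are worth pinning to explicit parameters when they are next written, so the stored configuration itself documents the cost that protects each derived key.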
§Algorithm-Specific Notes
§Argon2
- Memory-hard: requires significant RAM
- Resistant to GPU/ASIC attacks
- Configurable memory/time/parallelism
§PBKDF2
- Time-hard: only CPU time cost
- Widely supported and standardized
- Vulnerable to specialized hardware attacks
§Performance Considerations
- Argon2: Higher memory usage, better security
- PBKDF2: Lower memory usage, faster on some platforms
- Parameter Tuning: Test on target hardware for optimal settings
Trait Implementations§
impl<'__de, __Context> BorrowDecode<'__de, __Context> for KdfPasswordAlgorithm
fn borrow_decode<__D: BorrowDecoder<'__de, Context = __Context>>(decoder: &mut __D) -> Result<Self, DecodeError>
impl Clone for KdfPasswordAlgorithm
fn clone(&self) -> KdfPasswordAlgorithm
fn clone_from(&mut self, source: &Self)