Module kdf

Key Derivation Functions (KDF) for secure key generation and management.

§Overview

Key Derivation Functions are cryptographic algorithms that derive one or more secret keys from a secret value such as a master key, password, or shared secret. They are essential for secure key management and cryptographic protocol design.

§KDF Categories

§Key-Based KDF

  • HKDF: HMAC-based Key Derivation Function (RFC 5869)
    • Suitable for deriving keys from high-entropy sources
    • Fast and efficient
    • Supports salt and context information

§Password-Based KDF

  • PBKDF2: Password-Based Key Derivation Function 2 (RFC 2898)
    • Widely supported and standardized
    • Configurable iteration count
    • Suitable for password-based encryption
  • Argon2: Memory-hard password hashing function
    • Resistant to GPU and ASIC attacks
    • Configurable memory, time, and parallelism
    • Winner of the Password Hashing Competition

§Security Considerations

§Key-Based KDF

  • Input key material should have sufficient entropy
  • Use unique salt values when possible
  • Distinct context information for each purpose helps prevent key reuse

§Password-Based KDF

  • Use high iteration counts to slow down attacks
  • Always use random salts to prevent rainbow table attacks
  • Consider memory-hard functions (Argon2) for better security
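
The considerations above in code, as an added example that is not this crate's code or API: it uses Python's standard library to implement HKDF (RFC 5869) with one context label per derived key, and PBKDF2 with a fresh random salt. The function names, label strings, sample inputs and the 600,000 iteration default are assumptions made for the example.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt, ikm):
    """RFC 5869 step 1: concentrate the input key material into a PRK."""
    # An absent salt defaults to HashLen zero bytes (RFC 5869, section 2.2).
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output is limited to 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_subkeys(master, salt, labels):
    """One extract, then one expand per purpose label (the context information)."""
    prk = hkdf_extract(salt, master)
    return {label: hkdf_expand(prk, label.encode(), 32) for label in labels}


def password_key(password, salt=None, iterations=600_000):
    """PBKDF2-HMAC-SHA256; a new random salt is drawn unless one is supplied."""
    # The default iteration count is an assumed example value; tune it to your hardware.
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return salt, iterations, key  # salt and count must be stored to re-derive the key


if __name__ == "__main__":
    master = os.urandom(32)  # constructed high-entropy input
    keys = derive_subkeys(master, os.urandom(16), ["example/encrypt", "example/mac"])
    print({name: key.hex() for name, key in keys.items()})
    salt, rounds, key = password_key("correct horse battery staple")  # constructed password
    print(salt.hex(), rounds, key.hex())
```
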

§Usage Guidelines

  • High-entropy sources: Use key-based KDF (HKDF)

  • Password derivation: Use password-based KDF (PBKDF2/Argon2)

  • Performance critical: HKDF or PBKDF2 with moderate iterations

  • Maximum security: Argon2 with high memory and time costs

Modules§

key
Key-based Key Derivation Functions (KDF) for high-entropy inputs.
passwd
Password-based Key Derivation Functions (KDF) for low-entropy inputs.

Structs§

KdfAlgorithmBuilder
Builder for constructing KDF algorithm instances.

Enums§

KdfAlgorithm
Key Derivation Function algorithm enumeration.