Password Based Key Derivation Functions

There are various procedures for turning a passphrase into an arbitrary length key for use with a symmetric cipher. A general interface for such algorithms is presented in pbkdf.h. The main function is derive_key, which takes a passphrase, a salt, an iteration count, and the desired length of the output key, and returns a key of that length, deterministically produced from the passphrase and salt. If an algorithm can't produce a key of that size, it will throw an exception (most notably, PKCS #5's PBKDF1 can only produce strings between 1 and $n$ bytes, where $n$ is the output size of the underlying hash function).

Modules

 Algorithms
 Algorithms are meant to provide a key derivation interface similar to that of the STL algorithms.
 

Classes

class  nil::crypto3::pbkdf::pbkdf2< MessageAuthenticationCode >
 
class  nil::crypto3::pbkdf::pgp_s2k< Hash >
 OpenPGP's S2K.
 
class  nil::crypto3::pbkdf::pkcs5_pkbdf1< Hash >
 PKCS #5 v1 PBKDF, aka PBKDF1. Can only generate a key up to the size of the hash output. Unless needed for backwards compatibility, use PKCS5_PBKDF2.
 

Detailed Description

The purpose of the iteration count is to make the algorithm take longer to compute the final key (reducing the speed of brute-force attacks of various kinds). Most standards recommend an iteration count of at least 10000. Currently defined PBKDF algorithms are "PBKDF1(static_digest)" and "PBKDF2(static_digest)"; you can retrieve either of these using get_pbkdf, found in lookup.h. As of this writing, "PBKDF2(SHA-256)" with at least 100000 iterations and a 16 byte salt is recommended for new applications.
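The sketch below is an added example, not code from crypto3: it reimplements PBKDF1 and PBKDF2 with Python's standard library to show the PBKDF1 output-length limit and the recommended PBKDF2(SHA-256) parameters described above. The function names `pbkdf1`, `pbkdf2` and `derive_recommended` are hypothetical and only mirror the parameter order of derive_key; the passphrase is a constructed sample.

```python
import hashlib
import hmac
import os

def pbkdf1(hash_name, passphrase, salt, iterations, key_len):
    """PBKDF1: hash passphrase||salt, re-hash `iterations - 1` times, truncate."""
    n = hashlib.new(hash_name).digest_size
    if not 1 <= key_len <= n:
        # Same failure mode the page describes: the key cannot exceed one digest.
        raise ValueError(f"PBKDF1({hash_name}) can only produce 1..{n} bytes")
    t = hashlib.new(hash_name, passphrase + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.new(hash_name, t).digest()
    return t[:key_len]

def pbkdf2(hash_name, passphrase, salt, iterations, key_len):
    """PBKDF2 with HMAC: concatenate iterated blocks until key_len bytes exist."""
    prf = hmac.new(passphrase, digestmod=hash_name)   # keyed once, copied per call
    out, block = b"", 1
    while len(out) < key_len:
        h = prf.copy()
        h.update(salt + block.to_bytes(4, "big"))      # U_1 = PRF(P, S || INT(i))
        u = h.digest()
        acc = int.from_bytes(u, "big")
        for _ in range(iterations - 1):                # U_j = PRF(P, U_{j-1})
            h = prf.copy()
            h.update(u)
            u = h.digest()
            acc ^= int.from_bytes(u, "big")            # block = U_1 ^ ... ^ U_c
        out += acc.to_bytes(prf.digest_size, "big")
        block += 1
    return out[:key_len]

def derive_recommended(passphrase, key_len=32, salt=None):
    """Parameters the page recommends: PBKDF2(SHA-256), 100000 iterations, 16-byte salt."""
    salt = os.urandom(16) if salt is None else salt
    return salt, pbkdf2("sha256", passphrase, salt, 100000, key_len)

if __name__ == "__main__":
    pw = b"correct horse battery staple"               # constructed sample passphrase
    salt, key = derive_recommended(pw, key_len=48)     # 48 > 32: needs two blocks
    assert derive_recommended(pw, 48, salt)[1] == key  # deterministic for same salt
    print("salt", salt.hex(), "key", key.hex())
    try:
        pbkdf1("sha1", pw, salt, 10000, 21)            # SHA-1 digest is 20 bytes
    except ValueError as err:
        print("rejected:", err)
```

Store the salt and iteration count next to the ciphertext; both are needed to re-derive the key.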