distrib > Mageia > cauldron > i586 > by-pkgid > 92a9f9a2ff17105809ab69f8e09db031 > files > 78


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

<html xmlns="">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>PBKDF Algorithms &#8212; Botan</title>
    <link rel="stylesheet" href="_static/agogo.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <script type="text/javascript" src="_static/language_data.js"></script>
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Password Hashing" href="passhash.html" />
    <link rel="prev" title="Key Derivation Functions" href="kdf.html" /> 
    <div class="header-wrapper">
      <div class="header">

    <div class="content-wrapper">
      <div class="content">
        <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
  <div class="section" id="pbkdf-algorithms">
<span id="pbkdf"></span><h1>PBKDF Algorithms<a class="headerlink" href="#pbkdf-algorithms" title="Permalink to this headline">¶</a></h1>
<p>There are various procedures for turning a passphrase into a arbitrary
length key for use with a symmetric cipher. A general interface for
such algorithms is presented in <code class="docutils literal notranslate"><span class="pre">pbkdf.h</span></code>. The main function is
<code class="docutils literal notranslate"><span class="pre">derive_key</span></code>, which takes a passphrase, a salt, an iteration count,
and the desired length of the output key, and returns a key of that
length, deterministically produced from the passphrase and salt. If an
algorithm can’t produce a key of that size, it will throw an exception
(most notably, PKCS #5’s PBKDF1 can only produce strings between 1 and
$n$ bytes, where $n$ is the output size of the underlying hash
<p>The purpose of the iteration count is to make the algorithm take
longer to compute the final key (reducing the speed of brute-force
attacks of various kinds). Most standards recommend an iteration count
of at least 10000. Currently defined PBKDF algorithms are
“PBKDF1(digest)”, “PBKDF2(digest)”, and “OpenPGP-S2K(digest)”; you can
retrieve any of these using the <code class="docutils literal notranslate"><span class="pre">get_pbkdf</span></code>, found in
<code class="docutils literal notranslate"><span class="pre">lookup.h</span></code>. As of this writing, “PBKDF2(SHA-256)” with 10000
iterations and a 16 byte salt is recommend for new applications.</p>
<dl class="function">
<dt id="_CPPv3NK5PBKDF10derive_keyE6size_tRKNSt6stringEPK4byte6size_t6size_t">
<span id="_CPPv2NK5PBKDF10derive_keyE6size_tRKNSt6stringEPK4byte6size_t6size_t"></span><span id="PBKDF::derive_key__s.ssCR.byteCP.s.sC"></span><a class="reference internal" href="lowlevel.html#_CPPv311OctetString" title="OctetString">OctetString</a> <code class="descclassname">PBKDF<code class="descclassname">::</code></code><code class="descname">derive_key</code><span class="sig-paren">(</span>size_t <em>output_len</em>, <em class="property">const</em> std::string &amp;<em>passphrase</em>, <em class="property">const</em> byte *<em>salt</em>, size_t <em>salt_len</em>, size_t <em>iterations</em><span class="sig-paren">)</span> <em class="property">const</em><a class="headerlink" href="#_CPPv3NK5PBKDF10derive_keyE6size_tRKNSt6stringEPK4byte6size_t6size_t" title="Permalink to this definition">¶</a><br /></dt>
<dd><p>Computes a key from <em>passphrase</em> and the <em>salt</em> (of length
<em>salt_len</em> bytes) using an algorithm-specific interpretation of
<em>iterations</em>, producing a key of length <em>output_len</em>.</p>
<p>Use an iteration count of at least 10000. The salt should be
randomly chosen by a good random number generator (see
<a class="reference internal" href="rng.html#random-number-generators"><span class="std std-ref">Random Number Generators</span></a> for how), or at the very least
unique to this usage of the passphrase.</p>
<p>If you call this function again with the same parameters, you will
get the same key.</p>

<div class="highlight-cpp notranslate"><div class="highlight"><pre><span></span><span class="n">PBKDF</span><span class="o">*</span> <span class="n">pbkdf</span> <span class="o">=</span> <span class="n">get_pbkdf</span><span class="p">(</span><span class="s">&quot;PBKDF2(SHA-256)&quot;</span><span class="p">);</span>
<span class="n">AutoSeeded_RNG</span> <span class="n">rng</span><span class="p">;</span>

<span class="n">SecureVector</span><span class="o">&lt;</span><span class="n">byte</span><span class="o">&gt;</span> <span class="n">salt</span> <span class="o">=</span> <span class="n">rng</span><span class="p">.</span><span class="n">random_vec</span><span class="p">(</span><span class="mi">16</span><span class="p">);</span>
<span class="n">OctetString</span> <span class="n">aes256_key</span> <span class="o">=</span> <span class="n">pbkdf</span><span class="o">-&gt;</span><span class="n">derive_key</span><span class="p">(</span><span class="mi">32</span><span class="p">,</span> <span class="s">&quot;password&quot;</span><span class="p">,</span>
                                           <span class="o">&amp;</span><span class="n">salt</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="n">salt</span><span class="p">.</span><span class="n">size</span><span class="p">(),</span>
                                           <span class="mi">10000</span><span class="p">);</span>
<div class="section" id="openpgp-s2k">
<h2>OpenPGP S2K<a class="headerlink" href="#openpgp-s2k" title="Permalink to this headline">¶</a></h2>
<p>There are some oddities about OpenPGP’s S2K algorithms that are
documented here. For one thing, it uses the iteration count in a
strange manner; instead of specifying how many times to iterate the
hash, it tells how many <em>bytes</em> should be hashed in total
(including the salt). So the exact iteration count will depend on the
size of the salt (which is fixed at 8 bytes by the OpenPGP standard,
though the implementation will allow any salt size) and the size of
the passphrase.</p>
<p>To get what OpenPGP calls “Simple S2K”, set iterations to 0, and do
not specify a salt. To get “Salted S2K”, again leave the iteration
count at 0, but give an 8-byte salt. “Salted and Iterated S2K”
requires an 8-byte salt and some iteration count (this should be
significantly larger than the size of the longest passphrase that
might reasonably be used; somewhere from 1024 to 65536 would probably
be about right). Using both a reasonably sized salt and a large
iteration count is highly recommended to prevent password guessing

        <div class="sidebar">
          <h3>Table of Contents</h3>
          <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="index.html">Welcome</a></li>
<li class="toctree-l1"><a class="reference internal" href="reading.html">Recommended Reading</a></li>
<li class="toctree-l1"><a class="reference internal" href="building.html">Building The Library</a></li>
<li class="toctree-l1"><a class="reference internal" href="firststep.html">Getting Started</a></li>
<li class="toctree-l1"><a class="reference internal" href="filters.html">Information Flow: Pipes and Filters</a></li>
<li class="toctree-l1"><a class="reference internal" href="pubkey.html">Public Key Cryptography</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509.html">Certificate Handling</a></li>
<li class="toctree-l1"><a class="reference internal" href="ssl.html">SSL and TLS</a></li>
<li class="toctree-l1"><a class="reference internal" href="bigint.html">BigInt</a></li>
<li class="toctree-l1"><a class="reference internal" href="lowlevel.html">The Low-Level Interface</a></li>
<li class="toctree-l1"><a class="reference internal" href="secmem.html">Secure Memory Containers</a></li>
<li class="toctree-l1"><a class="reference internal" href="kdf.html">Key Derivation Functions</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">PBKDF Algorithms</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#openpgp-s2k">OpenPGP S2K</a></li>
<li class="toctree-l1"><a class="reference internal" href="passhash.html">Password Hashing</a></li>
<li class="toctree-l1"><a class="reference internal" href="rng.html">Random Number Generators</a></li>
<li class="toctree-l1"><a class="reference internal" href="fpe.html">Format Preserving Encryption</a></li>
<li class="toctree-l1"><a class="reference internal" href="python.html">Python Binding</a></li>

          <div role="search">
            <h3 style="margin-top: 1.5em;">Search</h3>
            <form class="search" action="search.html" method="get">
                <input type="text" name="q" />
                <input type="submit" value="Go" />
                <input type="hidden" name="check_keywords" value="yes" />
                <input type="hidden" name="area" value="default" />
        <div class="clearer"></div>

    <div class="footer-wrapper">
      <div class="footer">
        <div class="left">
          <div role="navigation" aria-label="related navigaton">
            <a href="kdf.html" title="Key Derivation Functions"
              accesskey="P">previous</a> |
            <a href="passhash.html" title="Password Hashing"
              accesskey="N">next</a> |
            <a href="genindex.html" title="General Index"
          <div role="note" aria-label="source link">
              <a href="_sources/pbkdf.txt"
                rel="nofollow">Show Source</a>

        <div class="right">
    <div class="footer" role="contentinfo">
        &#169; Copyright 2000-2011, Jack Lloyd.
      Created using <a href="">Sphinx</a> 1.8.3.
        <div class="clearer"></div>