PBKDF2

  1. PBKDF2
    1. Description
    2. Author
    3. Repository
    4. Requirements
    5. API
      1. Common Argument Definitions
        1. password
        2. salt
        3. count
        4. dklen
        5. result-type
      2. Procedures
        1. pbkdf1-md2
        2. pbkdf1-md5
        3. pbkdf1-sha1
        4. pbkdf2-hmac-sha1
        5. pbkdf2-hmac-sha256
        6. pbkdf2-hmac-sha384
        7. pbkdf2-hmac-sha512
    6. Examples
    7. License
    8. Version History

Description

Password-Based Key Derivation Functions PBKDF1 and PBKDF2 as defined in RFC 2898.

Note that PBKDF2 is recommended for new applications, while PBKDF1 is recommended only for backwards compatibility with existing applications, since the keys it produces may not be large enough for some applications.

Author

Tobias Heilig

<0x70b1 at web . de>

Repository

https://github.com/off-world/pbkdf2

Requirements

API

Common Argument Definitions

password

password as a string

salt

salt as a string

count

iteration count as a positive exact integer

dklen

length in bytes of the derived key as a positive exact integer

result-type

optional symbol selecting how the resulting bytes are returned (defaults to 'blob), one of:

'blob
return resulting bytes as a blob
'hex
return resulting bytes as a string of lower-case hexadecimal digits
'string
return resulting bytes as a byte-string
'u8vector
return resulting bytes as a u8vector

Procedures

pbkdf1-md2
[procedure] (pbkdf1-md2 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF1 with MD2. The maximum length of the derived key is bounded by the length of the hash function output, which is 16 bytes for MD2.

pbkdf1-md5
[procedure] (pbkdf1-md5 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF1 with MD5. The maximum length of the derived key is bounded by the length of the hash function output, which is 16 bytes for MD5.

pbkdf1-sha1
[procedure] (pbkdf1-sha1 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF1 with SHA1. The maximum length of the derived key is bounded by the length of the hash function output, which is 20 bytes for SHA1.

pbkdf2-hmac-sha1
[procedure] (pbkdf2-hmac-sha1 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF2 with HMAC-SHA1. The maximum length of the derived key is 2^32 - 1.

pbkdf2-hmac-sha256
[procedure] (pbkdf2-hmac-sha256 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF2 with HMAC-SHA256. The maximum length of the derived key is 2^32 - 1.

pbkdf2-hmac-sha384
[procedure] (pbkdf2-hmac-sha384 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF2 with HMAC-SHA384. The maximum length of the derived key is 2^32 - 1.

pbkdf2-hmac-sha512
[procedure] (pbkdf2-hmac-sha512 password salt count dklen #!optional (result-type 'blob))

Derives a key of dklen bytes from the given password and salt using PBKDF2 with HMAC-SHA512. The maximum length of the derived key is 2^32 - 1.

Examples

(use pbkdf2)
 
(pbkdf2-hmac-sha1 "password" "salt" 4096 20)
;=> #${4b007901b765489abead49d926f721d065a429c1}

(pbkdf2-hmac-sha1 "password" "salt" 4096 20 'hex)
;=> "4b007901b765489abead49d926f721d065a429c1"
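
An independent reference implementation in Python, added here and not part of the egg or its source, that follows RFC 2898 for PBKDF1 and PBKDF2 and can be used to cross-check the egg's output, including the test vector above. The names pbkdf1, pbkdf2 and matches_page_vector are this example's own; MD2 is left out because Python's hashlib does not guarantee it.

```python
import hashlib
import hmac
import struct

# Test vector taken from the Examples section of this page.
PAGE_VECTOR = "4b007901b765489abead49d926f721d065a429c1"


def pbkdf1(hash_name, password, salt, count, dklen):
    """RFC 2898 PBKDF1: hash password || salt `count` times, then truncate."""
    hlen = hashlib.new(hash_name).digest_size
    if count < 1 or dklen < 1 or dklen > hlen:
        # The key can never be longer than one hash output (16 or 20 bytes).
        raise ValueError("invalid count or derived key too long")
    t = password + salt
    for _ in range(count):
        t = hashlib.new(hash_name, t).digest()
    return t[:dklen]


def pbkdf2(hash_name, password, salt, count, dklen):
    """RFC 2898 PBKDF2 with HMAC-<hash_name> as the pseudorandom function."""
    if count < 1 or dklen < 1:
        raise ValueError("count and dklen must be positive")
    hlen = hashlib.new(hash_name).digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    dk = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(password, salt || INT(i)); INT(i) is a 4-byte big-endian index
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(count - 1):
            # U_j = PRF(password, U_{j-1}); the block is the XOR of all U_j
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        dk += t.to_bytes(hlen, "big")
    return dk[:dklen]


def matches_page_vector():
    """Recompute (pbkdf2-hmac-sha1 "password" "salt" 4096 20 'hex)."""
    derived = pbkdf2("sha1", b"password", b"salt", 4096, 20).hex()
    return hmac.compare_digest(derived, PAGE_VECTOR)


if __name__ == "__main__":
    print("page vector reproduced:", matches_page_vector())
```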

License

Copyright (c) 2018, Tobias Heilig
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. The name of the authors may not be used to endorse or promote products
   derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Version History

1.2
added MD2 support for PBKDF1
1.1
added PBKDF1 implementation
1.0
initial release