bcrypt password-based key derivation
function converts a password into
a byte array suitable for use as an encryption key. The password and salt
values are combined and repeatedly hashed
times. The salt value should be
randomly generated beforehand. The repeated hashing is designed to thwart
discovery of the key via password guessing attacks. The higher the number of
rounds, the slower each attempt will be.
() function returns 0 to indicate
success and -1 for failure.
Niels Provos and David
Mazieres, A Future-Adaptable Password Scheme,
PKCS #5: Password-Based Cryptography Specification Version
2.0, RFC 2898, September
This implementation deviates slightly from the PBKDF2 standard by mixing output
key bits nonlinearly. By mixing the output bytes together, an attacker is
required to perform all of the work without taking any shortcuts.