NAME
pkcs5_pbkdf2 —
password-based key derivation
function
SYNOPSIS
#include
<util.h>
int
pkcs5_pbkdf2(const
char *pass, size_t
pass_len, const char
*salt, size_t
salt_len, u_int8_t
*key, size_t
key_len, u_int
rounds);
DESCRIPTION
The pkcs5_pbkdf2 function converts a
password into a byte array suitable for use as an encryption key. The
password and salt values are combined and repeatedly hashed
rounds times. The salt value should be randomly
generated beforehand. The repeated hashing is designed to thwart discovery
of the key via password guessing attacks. The higher the number of rounds,
the slower each attempt will be. A minimum value of at least 1000 is
recommended.
RETURN VALUES
The pkcs5_pbkdf2() function returns 0 to
indicate success and -1 for failure.
SEE ALSO
STANDARDS
B. Kaliski, PKCS #5: Password-Based Cryptography Specification Version 2.0, RFC 2898, September 2000.
CAVEATS
The standard allows for different hash functions to be used. This implementation only uses sha1(1).