[OpenBSD]

Manual Page Search Parameters

PKCS5_PBKDF2(3) Library Functions Manual PKCS5_PBKDF2(3)

NAME

pkcs5_pbkdf2password-based key derivation function

SYNOPSIS

#include <util.h>
int
pkcs5_pbkdf2(const char *pass, size_t pass_len, const char *salt, size_t salt_len, u_int8_t *key, size_t key_len, u_int rounds);

DESCRIPTION

The pkcs5_pbkdf2 function converts a password into a byte array suitable for use as an encryption key. The password and salt values are combined and repeatedly hashed rounds times. The salt value should be randomly generated beforehand. The repeated hashing is designed to thwart discovery of the key via password guessing attacks. The higher the number of rounds, the slower each attempt will be. A minimum value of at least 1000 is recommended.

RETURN VALUES

The pkcs5_pbkdf2() function returns 0 to indicate success and -1 for failure.

SEE ALSO

sha1(1), bcrypt_pbkdf(3)

STANDARDS

B. Kaliski, PKCS #5: Password-Based Cryptography Specification Version 2.0, RFC 2898, September 2000.

CAVEATS

The standard allows for different hash functions to be used. This implementation only uses sha1(1).
June 5, 2013 OpenBSD-current