pub fn derive(
algorithm: Algorithm,
iterations: NonZeroU32,
salt: &[u8],
secret: &[u8],
out: &mut [u8],
)
Expand description
Fills out
with the key derived using PBKDF2 with the given inputs.
Do not use derive
as part of verifying a secret; use verify
instead, to
minimize the effectiveness of timing attacks.
out.len()
must be no larger than the digest length * (2**32 - 1), per the
PBKDF2 specification.
Parameter | RFC 2898 Section 5.2 Term |
---|---|
digest_alg | PRF (HMAC with the given digest algorithm) |
iterations | c (iteration count) |
salt | S (salt) |
secret | P (password) |
out | dk (derived key) |
out.len() | dkLen (derived key length) |
§Panics
Panics if out.len() > u32::MAX * digest_alg.output_len()
, where
digest_alg
is the underlying HMAC/digest algorithm.
Panics if salt
is so astronomically gigantic that it isn’t a valid input
to the underlying digest function.
Panics if secret
is so astronomically gigantic that it isn’t a valid
input to the underlying digest function.