pub fn derive(
algorithm: Algorithm,
iterations: NonZeroU32,
salt: &[u8],
secret: &[u8],
out: &mut [u8],
)Expand description
Fills out with the key derived using PBKDF2 with the given inputs.
Do not use derive as part of verifying a secret; use verify instead, to
minimize the effectiveness of timing attacks.
out.len() must be no larger than the digest length * (2**32 - 1), per the
PBKDF2 specification.
| Parameter | RFC 2898 Section 5.2 Term |
|---|---|
| digest_alg | PRF (HMAC with the given digest algorithm) |
| iterations | c (iteration count) |
| salt | S (salt) |
| secret | P (password) |
| out | dk (derived key) |
| out.len() | dkLen (derived key length) |
§Panics
Panics if out.len() > u32::MAX * digest_alg.output_len(), where
digest_alg is the underlying HMAC/digest algorithm.
Panics if salt is so astronomically gigantic that it isn’t a valid input
to the underlying digest function.
Panics if secret is so astronomically gigantic that it isn’t a valid
input to the underlying digest function.