ring::pbkdf2

Function derive

Source
pub fn derive(
    algorithm: Algorithm,
    iterations: NonZeroU32,
    salt: &[u8],
    secret: &[u8],
    out: &mut [u8],
)
Expand description

Fills out with the key derived using PBKDF2 with the given inputs.

Do not use derive as part of verifying a secret; use verify instead, to minimize the effectiveness of timing attacks.

out.len() must be no larger than the digest length * (2**32 - 1), per the PBKDF2 specification.

ParameterRFC 2898 Section 5.2 Term
digest_algPRF (HMAC with the given digest algorithm)
iterationsc (iteration count)
saltS (salt)
secretP (password)
outdk (derived key)
out.len()dkLen (derived key length)

§Panics

Panics if out.len() > u32::MAX * digest_alg.output_len(), where digest_alg is the underlying HMAC/digest algorithm.

Panics if salt is so astronomically gigantic that it isn’t a valid input to the underlying digest function.

Panics if secret is so astronomically gigantic that it isn’t a valid input to the underlying digest function.