| Paul Kehrer | b6d764c | 2014-01-27 22:32:11 -0600 | [diff] [blame^] | 1 | .. hazmat:: |
| 2 | |
| 3 | Key Derivation Functions |
| 4 | ======================== |
| 5 | |
| 6 | .. currentmodule:: cryptography.hazmat.primitives.kdf |
| 7 | |
| 8 | Key derivation functions derive key material from information such as passwords |
| 9 | using a pseudo-random function (PRF). |
| 10 | |
| 11 | .. class:: PBKDF2(algorithm, length, salt, iterations, backend): |
| 12 | |
| 13 | .. doctest:: |
| 14 | |
| 15 | >>> from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2 |
| 16 | >>> from cryptography.hazmat.backends import default_backend |
| 17 | >>> backend = default_backend() |
| 18 | >>> salt = os.urandom(16) |
| 19 | >>> # derive |
| 20 | >>> kdf = PBKDF2(hashes.SHA1(), 20, salt, 10000, backend) |
| 21 | >>> key = kdf.derive(b"my great password") |
| 22 | >>> # verify |
| 23 | >>> kdf = PBKDF2(hashes.SHA1(), 20, salt, 10000, backend) |
| 24 | >>> kdf.verify(b"my great password", key) |
| 25 | None |
| 26 | |
| 27 | :param algorithm: An instance of a |
| 28 | :class:`~cryptography.hazmat.primitives.interfaces.HashAlgorithm` |
| 29 | provider. |
| 30 | |
| 31 | :param int length: The desired length of the derived key. Maximum is |
| 32 | 2\ :sup:`31` - 1. |
| 33 | |
| 34 | :param bytes salt: A salt. `NIST SP 800-132`_ recommends 128-bits or |
| 35 | longer. |
| 36 | |
| 37 | :param int iterations: The number of iterations to perform of the hash |
| 38 | function. |
| 39 | |
| 40 | .. _`NIST SP 800-132`: http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf |