Key Derivation Function

From Crypto++ Wiki
Jump to navigation Jump to search

Key Derivation Functions (KDFs) are used to stretch user supplied key material to a specific size or sizes required by high level cryptographic primitives. Crypto++ 6.0 and earlier simply provided derivation algorithms as a loose collection of KDFs.

Crypto++ 6.2 provided a simple KeyDerivationFunction interface to unify the programming interface. The interface allows the library to test and benchmark algorithms in a consistent and repeatable manner. Also see Issue 610, Add KeyDerivationFunction interface.

A Password Based Key Derivation Function stretches a secret passphrase or secret password to a specific size required by some other cryptographic function. The most common use of KDFs is during password verification.

The table below shows some of the key derivation functions. Not all of them are provided by the Crypto++ library, and the library provides more than is listed in the table.

Algorithm Prefix Comment
HKDF - Generic extract-then-expand KDF
Argon2 - Winner of the PHC
Lyra2 - Not provided by Crypto++
scrypt "$s2$" or "$rscrypt$" Original "memory hard" KDF
bcrypt "$2y$" Not provided by Crypto++
PBKDF2 "$pbkdf2-sha256$" -
MD5 "$1$" Not recommended for use
SHA1 - Not recommended for use
NTHASH "$3$" Not recommended for use

The Modular Crypt Format prefix string for an algorithm always begins and ends with a dollar-sign symbol.

Further reading