Key Derivation Function
Key Derivation Functions (KDFs) are used to stretch user-supplied key material to the specific size or sizes required by higher-level cryptographic primitives. Crypto++ 6.0 and earlier simply provided derivation algorithms as a loose collection of KDFs.
Crypto++ 6.2 provided a simple KeyDerivationFunction interface to unify the programming interface. The interface allows the library to test and benchmark algorithms in a consistent and repeatable manner. Also see Issue 610, Add KeyDerivationFunction interface.
A Password-Based Key Derivation Function stretches a secret passphrase or secret password to a specific size required by some other cryptographic function. The most common use of KDFs is during password verification.
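The password-verification use described above, as an added example that is not part of the original page or of Crypto++: it uses `hashlib.scrypt` from the Python standard library rather than the Crypto++ classes. The cost parameters, the record layout and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for this example; tune them for your hardware.
COST = {"n": 2**14, "r": 8, "p": 1}
SALT_LEN = 16   # bytes of per-user random salt
HASH_LEN = 32   # bytes of derived output stored for verification


def derive(password: str, salt: bytes, cost: dict, length: int) -> bytes:
    """Stretch a password to exactly `length` bytes with scrypt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          dklen=length, maxmem=64 * 1024 * 1024, **cost)


def enroll(password: str) -> dict:
    """Create the record stored in place of the password (hypothetical layout)."""
    salt = os.urandom(SALT_LEN)
    return {"cost": dict(COST), "salt": salt,
            "hash": derive(password, salt, COST, HASH_LEN)}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and cost, then compare in constant time."""
    candidate = derive(password, record["salt"], record["cost"],
                       len(record["hash"]))
    return hmac.compare_digest(candidate, record["hash"])


def needs_rehash(record: dict) -> bool:
    """True when a record's parameters differ from the current policy."""
    return record["cost"] != COST or len(record["hash"]) != HASH_LEN


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")   # constructed sample input
    print(verify("correct horse battery staple", rec))
    print(verify("Tr0ub4dor&3", rec))
    print(needs_rehash(rec))
```

Storing the cost parameters beside the salt lets old records keep verifying after the policy is raised, and `needs_rehash` marks them for re-derivation at the next successful login.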
The table below shows some of the key derivation functions. Not all of them are provided by the Crypto++ library, and the library provides more than is listed in the table.
|Algorithm||MCF prefix†||Notes|
|HKDF||-||Generic extract-then-expand KDF|
|Argon2||-||Winner of the PHC|
|Lyra2||-||Not provided by Crypto++|
|scrypt||"$s2$" or "$rscrypt$"||Original "memory hard" KDF|
|bcrypt||"$2y$"||Not provided by Crypto++|
|MD5||"$1$"||Not recommended for use|
|SHA1||-||Not recommended for use|
|NTHASH||"$3$"||Not recommended for use|
† The Modular Crypt Format prefix string for an algorithm always begins and ends with a dollar-sign symbol.