GenerateDerivedKey
GenerateDerivedKey[password]
generates a DerivedKey object from the password given.
GenerateDerivedKey[password,salt]
generates a DerivedKey object from the password and salt given.
Details and Options
- GenerateDerivedKey uses a computation-intensive key derivation function to generate a cryptographically strong key hash.
- password and salt can be strings, lists of integers representing byte values or ByteArray objects.
- GenerateDerivedKey[password] is equivalent to GenerateDerivedKey[password,Automatic]. If salt is not provided, it is randomly generated.
- GenerateDerivedKey takes a Method option, which uses an Association to specify a key derivation function and parameters.
- Typical settings for Method include:
-
"Function" key derivation function "FunctionParameters" key derivation function parameters - Supported key derivation functions are: "scrypt", "Argon2d", "Argon2i", "Argon2id".
- Function parameters for the "scrypt" key derivation function are an Association, which includes:
-
"KeySize" 64 desired key length in bytes "N" 2^15 computational cost factor "r" 8 block size factor "p" 1 parallelization factor - The value of "N" must be an integer power of 2 greater than 1.
- Function parameters for the "Argon2x" key derivation functions are an Association, which includes:
-
"KeySize" 64 desired key length in bytes "t" 2 number of iterations "m" 2^16 memory size to use in kibibytes "p" 1 parallelization factor - The value of "m" must be an integer power of 2.
- To generate a cryptographically secure key, parameters of the key derivation function are usually adjusted for the computation on a specific computer to take just below a fraction of a second.
Examples
open allclose allScope (8)
Generate a derived key using a list of integers as a password:
Generate a derived key using ByteArray as a password:
Generate a derived key using a list of integers as a salt:
Customize the parameters for the default "scrypt" method:
Use an alternate key derivation function to generate a derived key:
Specify a key derivation function and parameters:
Generate string representation of DerivedKey:
Reconstruct the key from its string representation using DerivedKey:
The new key is identical to the original:
Generate a ByteArray from the password:
Options (2)
Applications (3)
Properties & Relations (3)
DerivedKey is generated deterministically from the given the same password and salt:
This also applies to generating keys from their string representation:
Computation time increases linearly with "r" in "scrypt":
It increases linearly in "p" as well:
Generate SymmetricKey from DerivedKey:
Possible Issues (4)
For certain parameters, generation of derived key may take significant time:
Parameters of key derivation function must be machine-size integers:
Some key derivation functions have restrictions on password and salt sizes:
When creating a symmetric key, random data taken from a derived key may be truncated to fit the new key size:
In order to generate a derived key of the desired size, the key size must be specified explicitly:
Text
Wolfram Research (2019), GenerateDerivedKey, Wolfram Language function, https://reference.wolfram.com/language/ref/GenerateDerivedKey.html (updated 2020).
CMS
Wolfram Language. 2019. "GenerateDerivedKey." Wolfram Language & System Documentation Center. Wolfram Research. Last Modified 2020. https://reference.wolfram.com/language/ref/GenerateDerivedKey.html.
APA
Wolfram Language. (2019). GenerateDerivedKey. Wolfram Language & System Documentation Center. Retrieved from https://reference.wolfram.com/language/ref/GenerateDerivedKey.html