generates a DerivedKey object from the password given.
generates a DerivedKey object from the password and salt given.
Details and Options
- GenerateDerivedKey uses a computation-intensive key derivation function to generate a cryptographically strong key hash.
- password and salt can be strings, lists of integers representing byte values or ByteArray objects.
- GenerateDerivedKey[password] is equivalent to GenerateDerivedKey[password,Automatic]. If salt is not provided, it is randomly generated.
- GenerateDerivedKey takes a Method option, which uses an Association to specify a key derivation function and parameters.
- Typical settings for Method include:
"Function" key derivation function "FunctionParameters" key derivation function parameters
- Supported key derivation functions are: "scrypt", "Argon2d", "Argon2i", "Argon2id".
- Function parameters for the "scrypt" key derivation function are an Association, which includes:
"KeySize" 64 desired key length in bytes "N" 2^15 computational cost factor "r" 8 block size factor "p" 1 parallelization factor
- The value of "N" must be an integer power of 2 greater than 1.
- Function parameters for the "Argon2" key derivation functions are an Association, which includes:
"KeySize" 64 desired key length in bytes "t" 2 number of iterations "m" 2^16 memory size to use in kibibytes "p" 1 parallelization factor
- The value of "m" must be an integer power of 2.
- To generate a cryptographically secure key, parameters of the key derivation function are usually adjusted for the computation on a specific computer to take just below a fraction of a second.
Examplesopen allclose all
Basic Examples (13)
Generate derived key using password and salt:
Generate derived key using a list of integers as a password:
Generate derived key using ByteArray as a password:
Generate derived key using a list of integers as a salt:
Generate a derived key using specified key derivation function:
Specify a key derivation function:
Generate derived key using "scrypt" and specified function parameters:
Generate derived key with specific parameters using password and salt:
Generate string representation of DerivedKey:
Construct DerivedKey from its string representation:
Generate a ByteArray from the password:
Properties & Relations (3)
The same DerivedKey can be generated given the same password and salt:
Generate SymmetricKey from DerivedKey:
Compare keys created by derivation function and obtained from string representation of derived key:
Possible Issues (4)
For certain parameters, generation of derived key may take significant time:
Parameters of key derivation function must be machine-size integers:
Some key derivation functions have restrictions on password and salt sizes:
When creating a symmetric key, random data taken from a derived key may be truncated to fit the new key size:
In order to generate a derived key of the desired size, the key size must be specified explicitly:
Wolfram Research (2019), GenerateDerivedKey, Wolfram Language function, https://reference.wolfram.com/language/ref/GenerateDerivedKey.html (updated 2020).
Wolfram Language. 2019. "GenerateDerivedKey." Wolfram Language & System Documentation Center. Wolfram Research. Last Modified 2020. https://reference.wolfram.com/language/ref/GenerateDerivedKey.html.
Wolfram Language. (2019). GenerateDerivedKey. Wolfram Language & System Documentation Center. Retrieved from https://reference.wolfram.com/language/ref/GenerateDerivedKey.html