GenerateDerivedKey

GenerateDerivedKey[password]

generates a DerivedKey object from the password given.

GenerateDerivedKey[password,salt]

generates a DerivedKey object from the password and salt given.

Details and Options

  • GenerateDerivedKey uses a computation-intensive key derivation function to generate a cryptographically strong key hash.
  • password and salt can be strings, lists of integers representing byte values or ByteArray objects.
  • GenerateDerivedKey[password] is equivalent to GenerateDerivedKey[password,Automatic]. If salt is not provided, it is randomly generated.
  • GenerateDerivedKey takes a Method option, which uses an Association to specify a key derivation function and parameters.
  • Typical settings for Method include:
  • "Function"key derivation function
    "Parameters"key derivation function parameters
  • Supported key derivation functions are: "scrypt", "Argon2d", "Argon2i", "Argon2id".
  • Parameters for the "scrypt" key derivation function are an Association, which includes:
  • "KeySize"64desired key length in bytes
    "N"2^15computational cost factor
    "r"8block size factor
    "p"1parallelization factor
  • The value of "N" must be an integer power of 2 greater than 1.
  • Parameters for the "Argon2" key derivation functions are an Association, which includes:
  • "KeySize"64desired key length in bytes
    "t"2number of iterations
    "m"2^16memory size to use in kibibytes
    "p"1parallelization factor
  • The value of "m" must be an integer power of 2.
  • To generate a cryptographically secure key, parameters of the key derivation function are usually adjusted for the computation on a specific computer to take just below a fraction of a second.

Examples

open allclose all

Basic Examples  (13)

Generate derived key:

Generate derived key using password and salt:

Generate derived key using a list of integers as a password:

Generate derived key using ByteArray as a password:

Generate derived key using a list of integers as a salt:

Generate a derived key using specified key derivation function:

Specify a key derivation function:

Generate derived key using "scrypt" and specified parameters:

Generate derived key with specific parameters using password and salt:

Generate string representation of DerivedKey:

Construct DerivedKey from its string representation:

Generate a ByteArray from the password:

Specify a key derivation function and parameters:

Scope  (1)

Computation time increases linearly with r and p in "scrypt":

Applications  (3)

Generate cryptographically strong password hash from a simple password string:

Verify the password:

Verify the password using derived key in the string representation:

Properties & Relations  (3)

The same DerivedKey can be generated given the same password and salt:

Generate SymmetricKey from DerivedKey:

Compare keys created by derivation function and obtained from string representation of derived key:

Possible Issues  (4)

For certain parameters, generation of derived key may take significant time:

Parameters of key derivation function must be machine-size integers:

Some key derivation functions have restrictions on password and salt sizes:

When creating a symmetric key, random data taken from a derived key may be truncated to fit the new key size:

In order to generate a derived key of the desired size, the key size must be specified explicitly:

Introduced in 2019
 (12.0)