|
|
@ -1,4 +1,4 @@ |
|
|
|
.\" $OpenBSD: pkcs5_pbkdf2.3,v 1.2 2012/09/06 19:48:12 tedu Exp $ |
|
|
|
.\" $OpenBSD: pkcs5_pbkdf2.3,v 1.3 2012/09/07 05:48:20 jmc Exp $ |
|
|
|
.\" |
|
|
|
.\" Copyright (c) 2012 Ted Unangst <tedu@openbsd.org> |
|
|
|
.\" |
|
|
@ -14,12 +14,12 @@ |
|
|
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
|
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
|
|
.\" |
|
|
|
.Dd $Mdocdate: September 6 2012 $ |
|
|
|
.Dt pkcs5_pbkdf2 3 |
|
|
|
.Dd $Mdocdate: September 7 2012 $ |
|
|
|
.Dt PKCS5_PBKDF2 3 |
|
|
|
.Os |
|
|
|
.Sh NAME |
|
|
|
.Nm pkcs5_pbkdf2 |
|
|
|
.Nd password based key derivation function |
|
|
|
.Nd password-based key derivation function |
|
|
|
.Sh SYNOPSIS |
|
|
|
.Fd #include <util.h> |
|
|
|
.Ft int |
|
|
@ -29,7 +29,7 @@ |
|
|
|
The |
|
|
|
.Nm |
|
|
|
function converts a password into a byte array suitable for use as |
|
|
|
encryption key. |
|
|
|
an encryption key. |
|
|
|
The password and salt values are combined and repeatedly hashed |
|
|
|
.Ar rounds |
|
|
|
times. |
|
|
@ -37,7 +37,7 @@ The salt value should be randomly generated beforehand. |
|
|
|
The repeated hashing is designed to thwart discovery of the key via |
|
|
|
password guessing attacks. |
|
|
|
The higher the number of rounds, the slower each attempt will be. |
|
|
|
A minumum value of at least 1000 is recommended. |
|
|
|
A minimum value of at least 1000 is recommended. |
|
|
|
.Sh RETURN VALUES |
|
|
|
The |
|
|
|
.Fn pkcs5_pbkdf2 |
|
|
@ -47,7 +47,12 @@ function returns 0 to indicate success and -1 for failure. |
|
|
|
.Sh SEE ALSO |
|
|
|
.Xr sha1 1 |
|
|
|
.Sh STANDARDS |
|
|
|
RFC 2898 |
|
|
|
.Rs |
|
|
|
.%A B. Kaliski |
|
|
|
.%D September 2000 |
|
|
|
.%R RFC 2898 |
|
|
|
.%T PKCS #5: Password-Based Cryptography Specification Version 2.0 |
|
|
|
.Re |
|
|
|
.\" .Sh HISTORY |
|
|
|
.\" .Sh AUTHORS |
|
|
|
.Sh CAVEATS |
|
|
|