1.\" $OpenBSD: bcrypt_pbkdf.3,v 1.6 2014/11/25 03:37:12 tedu Exp $ 2.\" 3.\" Copyright (c) 2012 Ted Unangst <tedu@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: November 25 2014 $ 18.Dt BCRYPT_PBKDF 3 19.Os 20.Sh NAME 21.Nm bcrypt_pbkdf 22.Nd bcrypt password-based key derivation function 23.Sh SYNOPSIS 24.In util.h 25.Ft int 26.Fn bcrypt_pbkdf "const char *pass" "size_t pass_len" "const uint8_t *salt" \ 27 "size_t salt_len" "uint8_t *key" "size_t key_len" "unsigned int rounds" 28.Sh DESCRIPTION 29The 30.Nm 31function converts a password into a byte array suitable for use as 32an encryption key. 33The password and salt values are combined and repeatedly hashed 34.Ar rounds 35times. 36The salt value should be randomly generated beforehand. 37The repeated hashing is designed to thwart discovery of the key via 38password guessing attacks. 39The higher the number of rounds, the slower each attempt will be. 40.\" A minimum value of at least 4 is recommended. 41.Sh RETURN VALUES 42The 43.Fn bcrypt_pbkdf 44function returns 0 to indicate success and \-1 for failure. 45.\" .Sh EXAMPLES 46.\" .Sh ERRORS 47.Sh SEE ALSO 48.Xr bcrypt 3 49.Sh STANDARDS 50.Rs 51.%A Niels Provos and David Mazieres 52.%D June 1999 53.%T A Future-Adaptable Password Scheme 54.Re 55.Pp 56.Rs 57.%A B. Kaliski 58.%D September 2000 59.%R RFC 2898 60.%T PKCS #5: Password-Based Cryptography Specification Version 2.0 61.Re 62.\" .Sh HISTORY 63.\" .Sh AUTHORS 64.Sh CAVEATS 65This implementation deviates slightly from the PBKDF2 standard by mixing 66output key bits nonlinearly. 67By mixing the output bytes together, an attacker is required to perform 68all of the work without taking any shortcuts. 69.\" .Sh BUGS 70