mundane::insecure

Function insecure_pbkdf2_hmac_sha1

pub fn insecure_pbkdf2_hmac_sha1(
    password: &[u8],
    salt: &[u8],
    iters: NonZeroU32,
    out_key: &mut [u8],
)
Deprecated: PBKDF2-HMAC-SHA1 is considered insecure

INSECURE: The PBKDF2 Key Derivation Function over HMAC-SHA1.

§Security

PBKDF2-HMAC-SHA1 is considered insecure, and should only be used for compatibility with legacy applications.

§Behavior

insecure_pbkdf2_hmac_sha1 computes iters iterations of PBKDF2-HMAC-SHA1 over password and salt, and stores the result in out_key.

PBKDF2 is defined in RSA Security LLC’s Public Key Cryptography Standards #5 (PKCS #5) v2.0. For details, see RFC 2898 Section 5.2.

§Further Security Considerations

While PBKDF2 can produce any amount of key output, the entropy of its output is bounded by the internal state. Be careful that the output key has enough entropy for your needs. See RFC 2898 Appendix B.1 for a discussion on calculating the effective entropy of PBKDF2, but keep in mind that SHA-1’s insecurities may affect this analysis! Also remember that new attacks are sometimes discovered, and it is your responsibility to keep up with the latest attacks; RFC 2898’s analysis may not be valid forever!
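
The block structure behind that entropy bound, as an added example that is not mundane's own code: a std-only reference PBKDF2-HMAC-SHA1 following RFC 2898 Section 5.2, showing that a 40-byte out_key is the 20-byte key plus a second block derived from the same password and salt. The names sha1, hmac_sha1 and pbkdf2_hmac_sha1_ref are hypothetical, and iters is a plain u32 here rather than NonZeroU32.

```rust
// Added example (std only, not mundane's implementation); use only to study the output structure.
fn sha1(msg: &[u8]) -> [u8; 20] {
    let mut h: [u32; 5] = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
    let mut m = [msg, &[0x80u8][..]].concat(); // pad: 0x80, zeros, 64-bit big-endian bit length
    while m.len() % 64 != 56 { m.push(0); }
    m.extend_from_slice(&((msg.len() as u64) * 8).to_be_bytes());
    for chunk in m.chunks(64) {
        let mut w: Vec<u32> = chunk.chunks(4).map(|b| u32::from_be_bytes([b[0], b[1], b[2], b[3]])).collect();
        for i in 16..80 { let x = (w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16]).rotate_left(1); w.push(x); }
        let [mut a, mut b, mut c, mut d, mut e] = h;
        for i in 0..80 {
            let (f, k) = match i / 20 {
                0 => ((b & c) | (!b & d), 0x5A827999u32),
                1 => (b ^ c ^ d, 0x6ED9EBA1),
                2 => ((b & c) | (b & d) | (c & d), 0x8F1BBCDC),
                _ => (b ^ c ^ d, 0xCA62C1D6),
            };
            let t = a.rotate_left(5).wrapping_add(f).wrapping_add(e).wrapping_add(k).wrapping_add(w[i]);
            e = d; d = c; c = b.rotate_left(30); b = a; a = t;
        }
        for (x, y) in h.iter_mut().zip([a, b, c, d, e]) { *x = x.wrapping_add(y); }
    }
    let mut out = [0u8; 20];
    for i in 0..5 { out[4*i..4*i+4].copy_from_slice(&h[i].to_be_bytes()); }
    out
}
fn hmac_sha1(key: &[u8], msg: &[u8]) -> [u8; 20] {
    let mut k = [0u8; 64]; // keys longer than the 64-byte block are hashed first
    if key.len() > 64 { k[..20].copy_from_slice(&sha1(key)); } else { k[..key.len()].copy_from_slice(key); }
    let (ipad, opad) = (k.map(|b| b ^ 0x36), k.map(|b| b ^ 0x5c));
    sha1(&[&opad[..], &sha1(&[&ipad[..], msg].concat())[..]].concat())
}
// DK = T_1 || T_2 || ...; T_i = U_1 ^ ... ^ U_c with U_1 = HMAC(P, S || INT(i)); each T_i is 20 bytes.
fn pbkdf2_hmac_sha1_ref(password: &[u8], salt: &[u8], iters: u32, out_key: &mut [u8]) {
    for (i, block) in out_key.chunks_mut(20).enumerate() {
        let mut u = hmac_sha1(password, &[salt, &(i as u32 + 1).to_be_bytes()[..]].concat());
        let mut t = u;
        for _ in 1..iters {
            u = hmac_sha1(password, &u);
            t.iter_mut().zip(u).for_each(|(x, y)| *x ^= y);
        }
        block.copy_from_slice(&t[..block.len()]); // the last block is truncated to fit
    }
}
fn main() {
    let (mut k20, mut k40) = ([0u8; 20], [0u8; 40]);
    pbkdf2_hmac_sha1_ref(b"password", b"salt", 4096, &mut k20);
    pbkdf2_hmac_sha1_ref(b"password", b"salt", 4096, &mut k40);
    println!("40-byte key starts with the 20-byte key: {}", k40[..20] == k20[..]);
}
```

A longer out_key therefore costs more HMAC calls to derive without adding secret input; if more than 20 bytes of key material are needed, the margin has to come from the password and the iteration count.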