Function mundane::kdf::pbkdf2

source ·
pub fn pbkdf2<H: Hasher>(
    password: &[u8],
    salt: &[u8],
    iters: NonZeroU32,
    out_key: &mut [u8]
Expand description

The PBKDF2 Key Derivation Function.

pbkdf2 computes iter iterations of PBKDF2 of password and salt, using an HMAC based on the hash function H. It stores the result in out_key. Note that PBKDF2 can produce variable-length output, so it will always fill the entirety of out_key regardless of its length.

PBKDF2 is defined in RSA Security LLC’s Public Key Cryptography Standards #5 (PKCS #5) v2.0. For details, see RFC 2898 Section 5.2.


While PBKDF2 can produce any amount of key output, the entropy of its output is bounded by the internal state. Be careful that the output key has enough entropy for your needs. See RFC 2898 Appendix B.1 for a discussion on calculating the effective entropy of PBKDF2. Also remember that new attacks are sometimes discovered, and it is your responsibility to keep up with the latest attacks; RFC 2898’s analysis may not be valid forever!