Skip to content

Commit c8cd614

Browse files
jedisct1andrewrk
jedisct1
authored and
andrewrk
committed
Move PBKDF2 to a pwhash category, clarify what that category is
Password hashing functions are not general-purpose KDFs, and KDFs don't have to satisfy the same properties as a PHF. This will allow fast KDFs such as the HKDF construction to be in a category of their own, while clarifying what functions are suitable for using passwords as inputs.
1 parent 72f4cdb commit c8cd614

File tree

1 file changed

+17
-6
lines changed

1 file changed

+17
-6
lines changed

lib/std/crypto.zig

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -35,12 +35,23 @@ pub const onetimeauth = struct {
3535
pub const Poly1305 = @import("crypto/poly1305.zig").Poly1305;
3636
};
3737

38-
/// A Key Derivation Function (KDF) is intended to turn a weak, human generated password into a
39-
/// strong key, suitable for cryptographic uses. It does this by salting and stretching the
40-
/// password. Salting injects non-secret random data, so that identical passwords will be converted
41-
/// into unique keys. Stretching applies a deliberately slow hashing function to frustrate
42-
/// brute-force guessing.
43-
pub const kdf = struct {
38+
/// A password hashing function derives a uniform key from low-entropy input material such as passwords.
39+
/// It is intentionally slow or expensive.
40+
///
41+
/// With the standard definition of a key derivation function, if a key space is small, an exhaustive search may be practical.
42+
/// Password hashing functions make exhaustive searches way slower or way more expensive, even when implemented on GPUs and ASICs, by using different, optionally combined strategies:
43+
///
44+
/// - Requiring a lot of computation cycles to complete
45+
/// - Requiring a lot of memory to complete
46+
/// - Requiring multiple CPU cores to complete
47+
/// - Requiring cache-local data to complete in reasonable time
48+
/// - Requiring large static tables
49+
/// - Avoiding precomputations and time/memory tradeoffs
50+
/// - Requiring multi-party computations
51+
/// - Combining the input material with random per-entry data (salts), application-specific contexts and keys
52+
///
53+
/// Password hashing functions must be used whenever sensitive data has to be directly derived from a password.
54+
pub const pwhash = struct {
4455
pub const pbkdf2 = @import("crypto/pbkdf2.zig").pbkdf2;
4556
};
4657

0 commit comments

Comments
 (0)