sodocumentation.net
Open in
urlscan Pro
2a06:98c1:3120::3
Public Scan
Submitted URL: http://sodocumentation.net/swift/topic/7053/pbkdf2-key-derivation
Effective URL: https://sodocumentation.net/swift/topic/7053/pbkdf2-key-derivation
Submission: On September 15 via manual from VN — Scanned from NL
Effective URL: https://sodocumentation.net/swift/topic/7053/pbkdf2-key-derivation
Submission: On September 15 via manual from VN — Scanned from NL
Form analysis
1 forms found in the DOMPOST https://zzzprojects.us9.list-manage.com/subscribe/post?u=cecbc4775cf67bf1ff82018af&id=98c3fcbe02
<form action="https://zzzprojects.us9.list-manage.com/subscribe/post?u=cecbc4775cf67bf1ff82018af&id=98c3fcbe02" method="post" target="_blank">
<input type="email" class="form-control" name="EMAIL" placeholder="Enter your email address">
<button type="submit" class="btn btn-z">
<i class="far fa-newspaper"></i> Subscribe </button>
</form>
Text Content
SO Documentation * Tags * Topics SWIFT LANGUAGE * Getting started with Swift Language * (Unsafe) Buffer Pointers * Access Control * Advanced Operators * AES encryption * Algorithms with Swift * Arrays * Associated Objects * Blocks * Booleans * Caching on disk space * Classes * Closures * Completion Handler * Concurrency * Conditionals * Cryptographic Hashing * Dependency Injection * Design Patterns - Creational * Design Patterns - Structural * Dictionaries * Documentation markup * Enums * Error Handling * Extensions * Function as first class citizens in Swift * Functional Programming in Swift * Functions * Generate UIImage of Initials from String * Generics * Getting Started with Protocol Oriented Programming * Initializers * Logging in Swift * Loops * Memory Management * Method Swizzling * NSRegularExpression in Swift * Numbers * Optionals * OptionSet * PBKDF2 Key Derivation * Performance * Protocols * Reading & Writing JSON * Reflection * RxSwift * Sets * Strings and Characters * Structs * Style Conventions * Swift Advance functions * Swift HTTP server by Kitura * Swift Package Manager * Switch * The Defer Statement * Tuples * Type Casting * Typealias * Variables & Properties * Working with C and Objective-C SWIFT LANGUAGE * Getting started with Swift Language * (Unsafe) Buffer Pointers * Access Control * Advanced Operators * AES encryption * Algorithms with Swift * Arrays * Associated Objects * Blocks * Booleans * Caching on disk space * Classes * Closures * Completion Handler * Concurrency * Conditionals * Cryptographic Hashing * Dependency Injection * Design Patterns - Creational * Design Patterns - Structural * Dictionaries * Documentation markup * Enums * Error Handling * Extensions * Function as first class citizens in Swift * Functional Programming in Swift * Functions * Generate UIImage of Initials from String * Generics * Getting Started with Protocol Oriented Programming * Initializers * Logging in Swift * Loops * Memory Management * Method Swizzling * NSRegularExpression in Swift * Numbers * Optionals * OptionSet * PBKDF2 Key Derivation * Performance * Protocols * Reading & Writing JSON * Reflection * RxSwift * Sets * Strings and Characters * Structs * Style Conventions * Swift Advance functions * Swift HTTP server by Kitura * Swift Package Manager * Switch * The Defer Statement * Tuples * Type Casting * Typealias * Variables & Properties * Working with C and Objective-C SWIFT LANGUAGE PBKDF2 KEY DERIVATION PASSWORD BASED KEY DERIVATION 2 (SWIFT 3)# Password Based Key Derivation can be used both for deriving an encryption key from password text and saving a password for authentication purposes. There are several hash algorithms that can be used including SHA1, SHA256, SHA512 which are provided by this example code. The rounds parameter is used to make the calculation slow so that an attacker will have to spend substantial time on each attempt. Typical delay values fall in the 100ms to 500ms, shorter values can be used if there is unacceptable performance. This example requires Common Crypto It is necessary to have a bridging header to the project: #import <CommonCrypto/CommonCrypto.h> Add the Security.framework to the project. Parameters: password password String salt salt Data keyByteCount number of key bytes to generate rounds Iteration rounds returns Derived key func pbkdf2SHA1(password: String, salt: Data, keyByteCount: Int, rounds: Int) -> Data? { return pbkdf2(hash:CCPBKDFAlgorithm(kCCPRFHmacAlgSHA1), password:password, salt:salt, keyByteCount:keyByteCount, rounds:rounds) } func pbkdf2SHA256(password: String, salt: Data, keyByteCount: Int, rounds: Int) -> Data? { return pbkdf2(hash:CCPBKDFAlgorithm(kCCPRFHmacAlgSHA256), password:password, salt:salt, keyByteCount:keyByteCount, rounds:rounds) } func pbkdf2SHA512(password: String, salt: Data, keyByteCount: Int, rounds: Int) -> Data? { return pbkdf2(hash:CCPBKDFAlgorithm(kCCPRFHmacAlgSHA512), password:password, salt:salt, keyByteCount:keyByteCount, rounds:rounds) } func pbkdf2(hash :CCPBKDFAlgorithm, password: String, salt: Data, keyByteCount: Int, rounds: Int) -> Data? { let passwordData = password.data(using:String.Encoding.utf8)! var derivedKeyData = Data(repeating:0, count:keyByteCount) let derivationStatus = derivedKeyData.withUnsafeMutableBytes {derivedKeyBytes in salt.withUnsafeBytes { saltBytes in CCKeyDerivationPBKDF( CCPBKDFAlgorithm(kCCPBKDF2), password, passwordData.count, saltBytes, salt.count, hash, UInt32(rounds), derivedKeyBytes, derivedKeyData.count) } } if (derivationStatus != 0) { print("Error: \(derivationStatus)") return nil; } return derivedKeyData } Example usage: let password = "password" //let salt = "saltData".data(using: String.Encoding.utf8)! let salt = Data(bytes: [0x73, 0x61, 0x6c, 0x74, 0x44, 0x61, 0x74, 0x61]) let keyByteCount = 16 let rounds = 100000 let derivedKey = pbkdf2SHA1(password:password, salt:salt, keyByteCount:keyByteCount, rounds:rounds) print("derivedKey (SHA1): \(derivedKey! as NSData)") Example Output: derivedKey (SHA1): <6b9d4fa3 0385d128 f6d196ee 3f1d6dbf> PASSWORD BASED KEY DERIVATION 2 (SWIFT 2.3)# See Swift 3 example for usage information and notes func pbkdf2SHA1(password: String, salt: [UInt8], keyCount: Int, rounds: Int) -> [UInt8]? { return pbkdf2(CCPBKDFAlgorithm(kCCPRFHmacAlgSHA1), password:password, salt:salt, keyCount:keyCount, rounds:UInt32(rounds)) } func pbkdf2SHA256(password: String, salt: [UInt8], keyCount: Int, rounds: Int) -> [UInt8]? { return pbkdf2(CCPBKDFAlgorithm(kCCPRFHmacAlgSHA256), password:password, salt:salt, keyCount:keyCount, rounds:UInt32(rounds)) } func pbkdf2SHA512(password: String, salt: [UInt8], keyCount: Int, rounds: Int) -> [UInt8]? { return pbkdf2(CCPBKDFAlgorithm(kCCPRFHmacAlgSHA512), password:password, salt:salt, keyCount:keyCount, rounds:UInt32(rounds)) } func pbkdf2(hash :CCPBKDFAlgorithm, password: String, salt: [UInt8], keyCount: Int, rounds: UInt32!) -> [UInt8]! { let derivedKey = [UInt8](count:keyCount, repeatedValue:0) let passwordData = password.dataUsingEncoding(NSUTF8StringEncoding)! let derivationStatus = CCKeyDerivationPBKDF( CCPBKDFAlgorithm(kCCPBKDF2), UnsafePointer<Int8>(passwordData.bytes), passwordData.length, UnsafePointer<UInt8>(salt), salt.count, CCPseudoRandomAlgorithm(hash), rounds, UnsafeMutablePointer<UInt8>(derivedKey), derivedKey.count) if (derivationStatus != 0) { print("Error: \(derivationStatus)") return nil; } return derivedKey } Example usage: let password = "password" // let salt = [UInt8]("saltData".utf8) let salt = [UInt8]([0x73, 0x61, 0x6c, 0x74, 0x44, 0x61, 0x74, 0x61]) let rounds = 100_000 let keyCount = 16 let derivedKey = pbkdf2SHA1(password, salt:salt, keyCount:keyCount, rounds:rounds) print("derivedKey (SHA1): \(NSData(bytes:derivedKey!, length:derivedKey!.count))") Example Output: derivedKey (SHA1): <6b9d4fa3 0385d128 f6d196ee 3f1d6dbf> PASSWORD BASED KEY DERIVATION CALIBRATION (SWIFT 2.3)# See Swift 3 example for usage information and notes func pbkdf2SHA1Calibrate(password:String, salt:[UInt8], msec:Int) -> UInt32 { let actualRoundCount: UInt32 = CCCalibratePBKDF( CCPBKDFAlgorithm(kCCPBKDF2), password.utf8.count, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA1), kCCKeySizeAES256, UInt32(msec)); return actualRoundCount } Example usage: let saltData = [UInt8]([0x73, 0x61, 0x6c, 0x74, 0x44, 0x61, 0x74, 0x61]) let passwordString = "password" let delayMsec = 100 let rounds = pbkdf2SHA1Calibrate(passwordString, salt:saltData, msec:delayMsec) print("For \(delayMsec) msec delay, rounds: \(rounds)") Example Output: > For 100 msec delay, rounds: 94339 PASSWORD BASED KEY DERIVATION CALIBRATION (SWIFT 3)# Determine the number of PRF rounds to use for a specific delay on the current platform. Several parameters are defaulted to representative values that should not materially affect the round count. password Sample password. salt Sample salt. msec Targeted duration we want to achieve for a key derivation. returns The number of iterations to use for the desired processing time. func pbkdf2SHA1Calibrate(password: String, salt: Data, msec: Int) -> UInt32 { let actualRoundCount: UInt32 = CCCalibratePBKDF( CCPBKDFAlgorithm(kCCPBKDF2), password.utf8.count, salt.count, CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA1), kCCKeySizeAES256, UInt32(msec)); return actualRoundCount } Example usage: let saltData = Data(bytes: [0x73, 0x61, 0x6c, 0x74, 0x44, 0x61, 0x74, 0x61]) let passwordString = "password" let delayMsec = 100 let rounds = pbkdf2SHA1Calibrate(password:passwordString, salt:saltData, msec:delayMsec) print("For \(delayMsec) msec delay, rounds: \(rounds)") Example Output: For 100 msec delay, rounds: 93457 AddThis Sharing Buttons Share to FacebookFacebookFacebookShare to TwitterTwitterTwitterShare to MoreAddThisMore Previous Next This modified text is an extract of the original Stack Overflow Documentation created by following contributors and released under CC BY-SA 3.0 This website is not affiliated with Stack Overflow SUPPORT & PARTNERS * Advertise with us * Contact us * Privacy Policy STAY CONNECTED Get monthly updates about new articles, cheatsheets, and tricks. Subscribe x