Function sodiumoxide::crypto::pwhash::scryptsalsa208sha256::derive_key [−] [src]

pub fn derive_key<'a>(
    key: &'a mut [u8], 
    passwd: &[u8], 
    Salt: &Salt, 
    OpsLimit: OpsLimit, 
    MemLimit: MemLimit
) -> Result<&'a [u8], ()>

The derive_key() function derives a key from a password and a Salt

The computed key is stored into key.

opslimit represents a maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key.

memlimit is the maximum amount of RAM that the function will use, in bytes. It is highly recommended to allow the function to use at least 16 megabytes.

For interactive, online operations, OPSLIMIT_INTERACTIVE and MEMLIMIT_INTERACTIVE provide a safe base line for these two parameters. However, using higher values may improve security.

For highly sensitive data, OPSLIMIT_SENSITIVE and MEMLIMIT_SENSITIVE can be used as an alternative. But with these parameters, deriving a key takes more than 10 seconds on a 2.8 Ghz Core i7 CPU and requires up to 1 gigabyte of dedicated RAM.

The salt should be unpredictable. gen_salt() is the easiest way to create a Salt.

Keep in mind that in order to produce the same key from the same password, the same salt, and the same values for opslimit and memlimit have to be used.

The function returns Ok(key) on success and Err(()) if the computation didn't complete, usually because the operating system refused to allocate the amount of requested memory.