1PBKDF2::Tiny(3)       User Contributed Perl Documentation      PBKDF2::Tiny(3)
2
3
4

NAME

6       PBKDF2::Tiny - Minimalist PBKDF2 (RFC 2898) with HMAC-SHA1 or HMAC-SHA2
7

VERSION

9       version 0.005
10

SYNOPSIS

12           use PBKDF2::Tiny qw/derive verify/;
13
14           my $dk = derive( 'SHA-1', $pass, $salt, $iters );
15
16           if ( verify( $dk, 'SHA-1', $pass, $salt, $iters ) ) {
17               # password is correct
18           }
19

DESCRIPTION

21       This module provides an RFC 2898 <https://tools.ietf.org/html/rfc2898>
22       compliant PBKDF2 implementation using HMAC-SHA1 or HMAC-SHA2 in under
23       100 lines of code.  If you are using Perl 5.10 or later, it uses only
24       core Perl modules.  If you are on an earlier version of Perl, you need
25       Digest::SHA or Digest::SHA::PurePerl.
26
27       All documented functions are optionally exported.  No functions are
28       exported by default.
29

FUNCTIONS

31   derive
32           $dk = derive( $type, $password, $salt, $iterations, $dk_length )
33
34       The "derive" function outputs a binary string with the derived key.
35       The first argument indicates the digest function to use.  It must be
36       one of: SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512.
37
38       If a password or salt are not provided, they default to the empty
39       string, so don't do that!  RFC 2898 recommends
40       <https://tools.ietf.org/html/rfc2898#section-4.1> a random salt of at
41       least 8 octets.  If you need a cryptographically strong salt, consider
42       Crypt::URandom.
43
44       The password and salt should encoded as octet strings. If not (i.e. if
45       Perl's internal 'UTF8' flag is on), then an exception will be thrown.
46
47       The number of iterations defaults to 1000 if not provided.  If the
48       derived key length is not provided, it defaults to the output size of
49       the digest function.
50
51   derive_hex
52       Works just like "derive" but outputs a hex string.
53
54   verify
55           $bool = verify( $dk, $type, $password, $salt, $iterations, $dk_length );
56
57       The "verify" function checks that a given derived key (in binary form)
58       matches the password and other parameters provided using a constant-
59       time comparison function.
60
61       The first parameter is the derived key to check.  The remaining
62       parameters are the same as for "derive".
63
64   verify_hex
65       Works just like "verify" but the derived key must be a hex string
66       (without a leading "0x").
67
68   digest_fcn
69           ($fcn, $block_size, $digest_length) = digest_fcn('SHA-1');
70           $digest = $fcn->($data);
71
72       This function is used internally by PBKDF2::Tiny, but made available in
73       case it's useful to someone.
74
75       Given one of the valid digest types, it returns a function reference
76       that digests a string of data. It also returns block size and digest
77       length for that digest type.
78
79   hmac
80           $key = $digest_fcn->($key) if length($key) > $block_size;
81           $hmac = hmac( $data, $key, $digest_fcn, $block_size );
82
83       This function is used internally by PBKDF2::Tiny, but made available in
84       case it's useful to someone.
85
86       The first two arguments are the data and key inputs to the HMAC
87       function.  Both should be encoded as octet strings, as underlying
88       HMAC/digest functions may croak or may give unexpected results if
89       Perl's internal UTF-8 flag is on.
90
91       Note: if the key is longer than the digest block size, it must be
92       preprocessed using the digesting function.
93
94       The third and fourth arguments must be a digesting code reference (from
95       "digest_fcn") and block size.
96

SEE ALSO

98       •   Crypt::PBKDF2
99
100       •   Digest::PBDKF2
101

SUPPORT

103   Bugs / Feature Requests
104       Please report any bugs or feature requests through the issue tracker at
105       <https://github.com/dagolden/PBKDF2-Tiny/issues>.  You will be notified
106       automatically of any progress on your issue.
107
108   Source Code
109       This is open source software.  The code repository is available for
110       public review and contribution under the terms of the license.
111
112       <https://github.com/dagolden/PBKDF2-Tiny>
113
114         git clone https://github.com/dagolden/PBKDF2-Tiny.git
115

AUTHOR

117       David Golden <dagolden@cpan.org>
118
120       This software is Copyright (c) 2014 by David Golden.
121
122       This is free software, licensed under:
123
124         The Apache License, Version 2.0, January 2004
125
126
127
128perl v5.32.1                      2021-01-27                   PBKDF2::Tiny(3)
Impressum