7.6. Password-Based Key Derivation Function¶

A Password-Based Key Derivation Function (PBKDF) is an appropriate way to deterministically derive a cryptographic key from a password/passphrase that has at least a moderate level of entropy (e.g. 40 bits or so). If the password/passphrase has low entropy, then deriving a cryptographic key from it using a PBKDF will be insecure.

Argon2, the hash algorithm used here, is designed to be intentionally slow to execute (i.e. cpu and memory intensive). This property makes it expensive (i.e. cpu and memory intensive) for an adversary to brute force the input password/passphrase given the output hash.

In contrast, Hash-based Key Derivation Functions (HKDFs) use cryptographic hash functions that are very quick to execute (i.e. not cpu and memory intensive), which makes them unsuitable for deriving cryptographic keys from user generated password/passphrases.

In the real world, users might happen to choose the same password, which will hash to the same value since hashes are deterministic. To make it more difficult for adversaries to brute force duplicate passwords when password hashes are leaked, a unique salt should be added for each user before hasing the password.

Function:

Argon2Key(password []byte, salt []byte, keyLen uint32) ([]byte)¶

Returns a keyLen length symmetric key derived from the given password and salt.

Parameters

• password ([]byte) – A password or passphrase

• salt ([]byte) – A salt value

• keyLen (uint32) – Desired length of the key to derive

Returns

Symmetric key of length keyLen

Return type

[]byte