dsheroh has asked for the wisdom of the Perl Monks concerning the following question:

Brothers, I have just arranged to convert some PHP-based testing code to Perl. As an afterthought, the client mentioned, "By the way, we're using a PBKDF2 crypt, which was not available in PHP," thus disproving my theory that it would be no problem as Perl's crypt and PHP's crypt are identical.

"But, no worries, there's still CPAN!", I thought. Alas, the only match for PBKDF2 on CPAN is in a makefile for Filter::Crypto, which is a source filter and doesn't mention PBKDF2 in its POD anyhow. Google finds many references to documents talking about it, but no implementations. Super Search didn't find anything at all.

So just what is this PBKDF2 crypt and, if it's not the same as Perl's standard crypt, where might I find a usable implementation?

Replies are listed 'Best First'.
Re: PBKDF2 crypt
by clinton (Priest) on Aug 11, 2007 at 18:48 UTC
    I've never heard of it myself, but Wikipedia says:

    PBKDF2 (Password-Based Key Derivation Function) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0
    The specification is available in RFC 2898, and I found an OSS Perl implementation on Google's code search from Palm::Keyring, which I list below:

    # Thanks to Jochen Hoenicke <hoenicke@gmail.com>
    # (one of the authors of Palm Keyring)
    # for these next two subs.

    # Usage pbkdf2(password, salt, iter, keylen, prf)
    # iter is number of iterations
    # keylen is length of generated key in bytes
    # prf is the pseudo random function (e.g. hmac_sha1)
    # returns the key.
    sub _pbkdf2($$$$$)
    {
        my ($password, $salt, $iter, $keylen, $prf) = @_;
        my ($k, $t, $u, $ui, $i);
        $t = "";
        for ($k = 1; length($t) < $keylen; $k++) {
            $u = $ui = &$prf($salt.pack('N', $k), $password);
            for ($i = 1; $i < $iter; $i++) {
                $ui = &$prf($ui, $password);
                $u ^= $ui;
            }
            $t .= $u;
        }
        return substr($t, 0, $keylen);
    }

    Whether it conforms to the spec or not is another question :)

    If it does, consider CPAN'ing it (with the author's permission)

    Clint

      I had already intended to CPAN it if I had to implement it myself. I'll get in touch with Jochen and see what he has to say about getting it up there (assuming it works right).
Re: PBKDF2 crypt
by FunkyMonk (Bishop) on Aug 11, 2007 at 18:52 UTC
      Ah, yes... I always forget that Google has a code search, too. Thanks for the reminder!
Re: PBKDF2 crypt
by anthony_thyssen (Initiate) on Sep 02, 2010 at 07:17 UTC

    I also recently wanted to use the PBKDF2 hashing function to generate cryptographic keys from a user password (that is actually what it was for, though a password crypt function is also a good use).

    I found the Filter::Crypto module which does use this function but only internally in embedded C code (also for password to key hashing). It does not make it available within perl itself.

    Also recently I found another perl module, Crypt::PBKDF2, which actually implements this hashing function completely in perl. However it has 8 or so very non-standard perl module dependencies, which in turn have many many more non-standard perl module dependencies. In other words just to get this module working you have to go through dependency hell! It also provides extra library functions that would have been better implemented using normal simple perl functions rather than given as separate module functions.

    I resolved the problem for the time being by compiling a trivial C program to allow me to call the OpenSSL library implementation of this hashing function PKCS5_PBKDF2_HMAC_SHA1(). I can then open2() that simple program and pipe the user's password in (with the appropriate salt, and iterative count) to get the required hashed result.

    The trivial C program was created from a file found on the OpenSSL cryptography mailing lists, and its source is available from my web site

    pbkdf2.c

    The perl script I use it in is also available at

    encrypt.pl

    It's a file encrypt/decrypt program similar to but more secure than the openssl enc file encryption.

    I will be looking at using the hashing function provided above, though it says two functions when only one is provided (missing the hmac_sha1() function), and comparing it to the OpenSSL implementation to see how compatible it really is. I'll try to let you know. Any suggestions or comments about the provided code are also welcome.

    Anthony Thyssen <A.Thyssen@griffith.edu.au>

      Yes the provided code does recreate the same results as the C program using the openSSL library.

      If you like to compare it and see a working implementation (usable both as a module or as a standalone script) download.

      pbkdf2.pl

      Enjoy

      Anthony Thyssen <A.Thyssen@griffith.edu.au>
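
Added example, not part of any post in this thread: a check of the quoted PBKDF2 sub against the PBKDF2-HMAC-SHA1 test vectors published in RFC 6070, which answers the "does it conform to the spec" question without needing OpenSSL. It assumes hmac_sha1 from Digest::SHA as the PRF (the thread never shows its own hmac_sha1), and restates the sub under the name pbkdf2 so the script runs on its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha1);    # assumed PRF; called as hmac_sha1($data, $key)

# Same algorithm as the sub quoted in the thread, restated so this file runs alone.
# $prf is invoked as $prf->($data, $key), with the password as the HMAC key.
sub pbkdf2 {
    my ($password, $salt, $iter, $keylen, $prf) = @_;
    my $t = '';
    for (my $k = 1; length($t) < $keylen; $k++) {
        # U_1 = PRF(password, salt || INT_32_BE(block index))
        my $ui = $prf->($salt . pack('N', $k), $password);
        my $u  = $ui;
        for (my $i = 1; $i < $iter; $i++) {
            $ui = $prf->($ui, $password);    # U_i = PRF(password, U_{i-1})
            $u ^= $ui;                       # string XOR accumulates the block
        }
        $t .= $u;
    }
    return substr($t, 0, $keylen);           # truncate the last block to dkLen
}

# RFC 6070 vectors: [ password, salt, iterations, dkLen, expected key (hex) ].
# The 25-byte case needs two SHA-1 blocks; the last case has embedded NUL bytes.
my @vectors = (
    [ 'password', 'salt', 1,    20, '0c60c80f961f0e71f3a9b524af6012062fe037a6' ],
    [ 'password', 'salt', 2,    20, 'ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957' ],
    [ 'password', 'salt', 4096, 20, '4b007901b765489abead49d926f721d065a429c1' ],
    [ 'passwordPASSWORDpassword', 'saltSALTsaltSALTsaltSALTsaltSALTsalt', 4096, 25,
      '3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038' ],
    [ "pass\0word", "sa\0lt", 4096, 16, '56fa6aa75548099dcc37d7f03425e0c3' ],
);

my $failed = 0;
for my $v (@vectors) {
    my ($pw, $salt, $iter, $len, $want) = @$v;
    my $got = unpack 'H*', pbkdf2($pw, $salt, $iter, $len, \&hmac_sha1);
    my $ok  = $got eq $want;
    $failed++ unless $ok;
    printf "%-4s c=%-5d dkLen=%-3d %s\n", ($ok ? 'ok' : 'FAIL'), $iter, $len, $got;
}
exit($failed ? 1 : 0);
```

The script exits non-zero if any vector mismatches, so it can sit in a test suite beside whichever PBKDF2 implementation ends up being used.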