I also recently wanted to use the PBKDF2 hashing function to generate cryptographic keys from a user password (that is actually what is was for, though a password crypt function is also a good use).

I found the Filter::Crypto module which does use this function but only internally in embedded C code (also for password to key hashing). It does not make it available within perl itself.

Also recently I found another perl module, Crypt::PBKDF2 which actually implements this hashing function completely in perl. However it has 8 or or very non-standard perm module dependencies, which in turn has many many more non-standard perl module dependencies. In other words just to get this module working you have to go though dependency hell! It also provides extra library functions that would have been been better implements using normal simple perl functions rather than given as separate module functions.

I resolved the problem for the time being by compiling a trival C program to allow me to call the OpenSSL library implementation of this hashing function PKCS5_PBKDF2_HMAC_SHA1(). I can then open2() that simple program and pipe the users password in (with the appropriate salt, and iterative count) to get the required hashed result.

The trivial C program was created from a file found on the OpenSSL cryptography mailing lists, and its source is available from my web site

pbkdf2.c

The perl script I use it in is also available at

encrypt.pl

Its a file encrypt/decrypt program similar to but more secure than the openssl enc file encryption.

I will be looking at using the hashing function provided above, though it says two functions when only one is provided (missing the hmac_sha1() function), and comparing it to the OpenSSL implementation to so how compatible it really is. I'll try to let you know. Any suggestions or comments about the provided code also welcome. Anthony Thyssen <A.Thyssen@griffith.edu.au>