使用PBKDF2密钥派生用rust-crypto正确创建用户可读的盐 [英] Using PBKDF2 key derivation to properly create user-readable salt with rust-crypto

问题描述

我目前正在为标准文件创建客户端，其中涉及使用PBKDF2来提高安全性。我正在使用 rust-crypto ，尽管我已经试验了ring和rust-openssl。

I am currently working on creating a client for Standard File, which involves using PBKDF2 for security. I'm using rust-crypto, although I have experimented with ring and rust-openssl.

首先，您要获取盐，成本和服务器通过 / auth / param 端点的版本号。我将这些序列化为带有Serde的结构。

First, you retrieve a salt, cost and version number from the server through the /auth/param endpoint. I have these serialized into a struct with Serde.

#[derive(Serialize, Deserialize, Clone, Debug)]
pub struct PWHash {
    pub pw_salt: String,
    pub pw_cost: u32,
    pub version: String,
}

我看过的以前的客户端是使用Python实现的，其中PBKDF2函数似乎都接受字符串。但是，对于带有Rust的PBKDF2，它们都接受& [u8] 作为参数。

Previous clients I have looked at implemented using Python, where the PBKDF2 functions all seem to accept strings. However, for PBKDF2 with Rust, they all accept &[u8] as the parameter.

我使用 .as_bytes（），然后再调用 str :: from_utf8 输出派生密钥。但是，这样做时会失败，并显示 Err（Utf8Error {valid_up_to：0，error_len：Some（1）}）。

I use .as_bytes() when calling the function, and then str::from_utf8 to output the derived key. However, when doing so, it fails with Err(Utf8Error { valid_up_to: 0, error_len: Some(1) }).

这是一个代码段：

pub fn hashcompute(&self, password: String) {
    let mut dk = [0u8; 768]; // derived key
    let mut mac = Hmac::new(Sha512::new(), password.as_bytes());
    pbkdf2::pbkdf2(&mut mac, self.pw_salt.as_bytes(), self.pw_cost, &mut dk);

    println!("{:?}", str::from_utf8(&dk));
}

甚至 String :: from_utf8_lossy 返回不可读字符的结果。

Even String::from_utf8_lossy returns a result of unreadable characters.

如何正确格式化Rust字符串以正确使用密码？还有另一个功能正常的库吗？还是这是一个丢失的原因？

How do I properly format a Rust string for proper cryptographic use? Is there another library that is functional? Or is this a lost cause?

推荐答案

根据标准文件文档，密钥应进行十六进制编码（请参见代码示例中的注释）。所以这样的事情应该起作用：

According to the Standard File documentation, the key should be hex-encoded (see the comments in the code sample). So something like this should work:

extern crate rustc_serialize as serialize;
use serialize::hex::{FromHex, ToHex};

pub fn hashcompute(&self, password: String) {
    let mut dk = [0u8; 768]; // derived key
    let mut mac = Hmac::new(Sha512::new(), password.as_bytes());
    pbkdf2::pbkdf2(&mut mac, self.pw_salt.from_hex().unwrap(), self.pw_cost, &mut dk);

    println!("{}", dk.to_hex());
}

请注意，我也使用了 from_hex 将盐从字符串转换为& [u8] ，因为看起来盐也应进行十六进制编码。

Note that I've also used from_hex to convert the salt from a string to a &[u8] since it looks like the salt should also be hex-encoded.

这篇关于使用PBKDF2密钥派生用rust-crypto正确创建用户可读的盐的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！