Key Derivation
Let's learn about key derivation in Python and how it can be used.
Python has pretty limited support for key derivation built into the standard library. In fact, the only method that hashlib provides is the pbkdf2_hmac method, which is the PKCS#5 password-based key derivation function. It uses HMAC as its pseudorandom function.
We might use something like this for hashing our password as it supports salt and iterations.
For example, if we have to use SHA-256, we would need a salt of at least 16 bytes and a minimum of 100,000 iterations.
As a quick aside, a salt is just random data that we use as additional input into our hash to make it harder to “unhash” our password.
A salt basically protects our password from dictionary attacks and precomputed rainbow tables.
Simple example of key derivation
Let’s look at a simple example: