Skip to content

Instantly share code, notes, and snippets.

@jakcron

jakcron/PBKDF2 HMAC-SHA1.txt

Last active June 7, 2020 04:43
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jakcron/ab05a200e5a6b53c77f28ebfc6342885 to your computer and use it in GitHub Desktop.
Save jakcron/ab05a200e5a6b53c77f28ebfc6342885 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
PBKDF2 HMAC-SHA1.txt
PBKDF2 HMAC-SHA1 Test Vectors
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 1
dkLen = 20
Output:
DK = 0c 60 c8 0f 96 1f 0e 71
f3 a9 b5 24 af 60 12 06
2f e0 37 a6 (20 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 2
dkLen = 20
Output:
DK = ea 6c 01 4d c7 2d 6f 8c
cd 1e d9 2a ce 1d 41 f0
d8 de 89 57 (20 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 4096
dkLen = 20
Output:
DK = 4b 00 79 01 b7 65 48 9a
be ad 49 d9 26 f7 21 d0
65 a4 29 c1 (20 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 16777216
dkLen = 20
Output:
DK = ee fe 3d 61 cd 4d a4 e4
e9 94 5b 3d 6b a2 15 8c
26 34 e9 84 (20 octets)
Input:
P = "passwordPASSWORDpassword" (24 octets)
S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
c = 4096
dkLen = 25
Output:
DK = 3d 2e ec 4f e4 1c 84 9b
80 c8 d8 36 62 c0 e4 4a
8b 29 1a 96 4c f2 f0 70
38 (25 octets)
Input:
P = "pass\0word" (9 octets)
S = "sa\0lt" (5 octets)
c = 4096
dkLen = 16
Output:
DK = 56 fa 6a a7 55 48 09 9d
cc 37 d7 f0 34 25 e0 c3 (16 octets)
Raw
PBKDF2 HMAC-SHA224.txt
PBKDF2 HMAC-SHA224 Test Vectors
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 1
dkLen = 28
Output:
DK = 3c 19 8c bd b9 46 4b 78
57 96 6b d0 5b 7b c9 2b
c1 cc 4e 6e 63 15 5d 4e
49 05 57 fd (28 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 2
dkLen = 28
Output:
DK = 93 20 0f fa 96 c5 77 6d
38 fa 10 ab df 8f 5b fc
00 54 b9 71 85 13 df 47
2d 23 31 d2 (28 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 4096
dkLen = 28
Output:
DK = 21 8c 45 3b f9 06 35 bd
0a 21 a7 5d 17 27 03 ff
61 08 ef 60 3f 65 bb 82
1a ed ad e1 (28 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 16777216
dkLen = 28
Output:
DK = b4 99 25 18 4c b4 b5 59
f3 65 e9 4f ca fc d4 cd
b9 f7 ae f4 a8 ca 8f cb
4b d1 ec 53 (28 octets)
Input:
P = "passwordPASSWORDpassword" (24 octets)
S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
c = 4096
dkLen = 35
Output:
DK = 05 6c 4b a4 38 de d9 1f
c1 4e 05 94 e6 f5 2b 87
e1 f3 69 0c 0d c0 fb c0
57 84 ed 9a 75 4c a7 80
e6 c0 17 (35 octets)
Input:
P = "pass\0word" (9 octets)
S = "sa\0lt" (5 octets)
c = 4096
dkLen = 16
Output:
DK = 9b 40 11 b6 41 f4 0a 2a
50 0a 31 d4 a3 92 d1 5c (16 octets)
Raw
PBKDF2 HMAC-SHA256.txt
PBKDF2 HMAC-SHA256 Test Vectors
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 1
dkLen = 32
Output:
DK = 12 0f b6 cf fc f8 b3 2c
43 e7 22 52 56 c4 f8 37
a8 65 48 c9 2c cc 35 48
08 05 98 7c b7 0b e1 7b (32 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 2
dkLen = 32
Output:
DK = ae 4d 0c 95 af 6b 46 d3
2d 0a df f9 28 f0 6d d0
2a 30 3f 8e f3 c2 51 df
d6 e2 d8 5a 95 47 4c 43 (32 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 4096
dkLen = 32
Output:
DK = c5 e4 78 d5 92 88 c8 41
aa 53 0d b6 84 5c 4c 8d
96 28 93 a0 01 ce 4e 11
a4 96 38 73 aa 98 13 4a (32 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 16777216
dkLen = 32
Output:
DK = cf 81 c6 6f e8 cf c0 4d
1f 31 ec b6 5d ab 40 89
f7 f1 79 e8 9b 3b 0b cb
17 ad 10 e3 ac 6e ba 46 (32 octets)
Input:
P = "passwordPASSWORDpassword" (24 octets)
S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
c = 4096
dkLen = 40
Output:
DK = 34 8c 89 db cb d3 2b 2f
32 d8 14 b8 11 6e 84 cf
2b 17 34 7e bc 18 00 18
1c 4e 2a 1f b8 dd 53 e1
c6 35 51 8c 7d ac 47 e9 (40 octets)
Input:
P = "pass\0word" (9 octets)
S = "sa\0lt" (5 octets)
c = 4096
dkLen = 16
Output:
DK = 89 b6 9d 05 16 f8 29 89
3c 69 62 26 65 0a 86 87 (16 octets)
Raw
PBKDF2 HMAC-SHA384.txt
PBKDF2 HMAC-SHA384 Test Vectors
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 1
dkLen = 48
Output:
DK = c0 e1 4f 06 e4 9e 32 d7
3f 9f 52 dd f1 d0 c5 c7
19 16 09 23 36 31 da dd
76 a5 67 db 42 b7 86 76
b3 8f c8 00 cc 53 dd b6
42 f5 c7 44 42 e6 2b e4 (48 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 2
dkLen = 48
Output:
DK = 54 f7 75 c6 d7 90 f2 19
30 45 91 62 fc 53 5d bf
04 a9 39 18 51 27 01 6a
04 17 6a 07 30 c6 f1 f4
fb 48 83 2a d1 26 1b aa
dd 2c ed d5 08 14 b1 c8 (48 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 4096
dkLen = 48
Output:
DK = 55 97 26 be 38 db 12 5b
c8 5e d7 89 5f 6e 3c f5
74 c7 a0 1c 08 0c 34 47
db 1e 8a 76 76 4d eb 3c
30 7b 94 85 3f be 42 4f
64 88 c5 f4 f1 28 96 26 (48 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 16777216
dkLen = 48
Output:
DK = a7 fd b3 49 ba 2b fa 6b
f6 47 bb 01 61 ba e1 32
0d f2 7e 64 0a 04 e8 f1
11 48 c8 12 29 e2 13 1a
f1 79 c3 b3 42 3b 38 ab
f7 63 df e2 08 c1 fb 67 (48 octets)
Input:
P = "passwordPASSWORDpassword" (24 octets)
S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
c = 4096
dkLen = 60
Output:
DK = 81 91 43 ad 66 df 9a 55
25 59 b9 e1 31 c5 2a e6
c5 c1 b0 ee d1 8f 4d 28
3b 8c 5c 9e ae b9 2b 39
2c 14 7c c2 d2 86 9d 58
ff e2 f7 da 13 d1 5f 8d
92 57 21 f0 ed 1a fa fa
24 48 0d 55 (60 octets)
Input:
P = "pass\0word" (9 octets)
S = "sa\0lt" (5 octets)
c = 4096
dkLen = 16
Output:
DK = a3 f0 0a c8 65 7e 09 5f
8e 08 23 d2 32 fc 60 b3 (16 octets)
Raw
PBKDF2 HMAC-SHA512.txt
PBKDF2 HMAC-SHA512 Test Vectors
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 1
dkLen = 64
Output:
DK = 86 7f 70 cf 1a de 02 cf
f3 75 25 99 a3 a5 3d c4
af 34 c7 a6 69 81 5a e5
d5 13 55 4e 1c 8c f2 52
c0 2d 47 0a 28 5a 05 01
ba d9 99 bf e9 43 c0 8f
05 02 35 d7 d6 8b 1d a5
5e 63 f7 3b 60 a5 7f ce (64 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 2
dkLen = 64
Output:
DK = e1 d9 c1 6a a6 81 70 8a
45 f5 c7 c4 e2 15 ce b6
6e 01 1a 2e 9f 00 40 71
3f 18 ae fd b8 66 d5 3c
f7 6c ab 28 68 a3 9b 9f
78 40 ed ce 4f ef 5a 82
be 67 33 5c 77 a6 06 8e
04 11 27 54 f2 7c cf 4e (64 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 4096
dkLen = 64
Output:
DK = d1 97 b1 b3 3d b0 14 3e
01 8b 12 f3 d1 d1 47 9e
6c de bd cc 97 c5 c0 f8
7f 69 02 e0 72 f4 57 b5
14 3f 30 60 26 41 b3 d5
5c d3 35 98 8c b3 6b 84
37 60 60 ec d5 32 e0 39
b7 42 a2 39 43 4a f2 d5 (64 octets)
Input:
P = "password" (8 octets)
S = "salt" (4 octets)
c = 16777216
dkLen = 64
Output:
DK = 61 80 a3 ce ab ab 45 cc
39 64 11 2c 81 1e 01 31
bc a9 3a 35 d1 7e 83 3e
bc 22 1a 40 bd 75 8a e8
32 88 02 89 6e 40 a5 4d
2b e2 1c 7d d8 e6 65 f6
49 0a bb bd ff 6c 55 90
bc 65 6c 9d 0b 3d ad 2a (64 octets)
Input:
P = "passwordPASSWORDpassword" (24 octets)
S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
c = 4096
dkLen = 80
Output:
DK = 8c 05 11 f4 c6 e5 97 c6
ac 63 15 d8 f0 36 2e 22
5f 3c 50 14 95 ba 23 b8
68 c0 05 17 4d c4 ee 71
11 5b 59 f9 e6 0c d9 53
2f a3 3e 0f 75 ae fe 30
22 5c 58 3a 18 6c d8 2b
d4 da ea 97 24 a3 d3 b8
04 f7 5b dd 41 49 4f a3
24 ca b2 4b cc 68 0f b3 (80 octets)
Input:
P = "pass\0word" (9 octets)
S = "sa\0lt" (5 octets)
c = 4096
dkLen = 16
Output:
DK = 9d 9e 9c 4c d2 1f e4 be
24 d5 b8 24 4c 75 96 65 (16 octets)
Raw
pbkdf2-test-vectors.py
#!/usr/bin/env python
import getopt
import hashlib
import hmac
import struct
import sys
class prf:
def __init__(self, digest):
self.digest = digest
self.digest_size = digest().digest_size
def __call__(self, key, data):
return hmac.new(key, data, self.digest).digest()
def INT(i):
assert i > 0
return struct.pack('>I', i)
def xor(A, B):
return ''.join([chr(ord(a) ^ ord(b)) for a, b in zip(A, B)])
# RFC 2898, section 5.2
def pbkdf2(P, S, c, dkLen, PRF):
hLen = PRF.digest_size
if dkLen > (2**32 - 1) * hLen:
raise Exception('derived key too long')
l = -(-dkLen // hLen)
r = dkLen - (l - 1) * hLen
def F(i):
def U():
U = S + INT(i)
for j in range(c):
U = PRF(P, U)
yield U
return reduce(xor, U())
T = map(F, range(1, l+1))
DK = ''.join(T[:-1]) + T[-1][:r]
return DK
# RFC 6070 format
def print_str(name, s):
print ' %s = "%s" (%d octets)' % (name, s.replace("\0", "\\0"), len(s))
def print_int(name, i):
print ' %s = %d' % (name, i)
def print_hex(name, s):
print ' %s =' % name,
for i in range(len(s)):
print '%02x%s' % (ord(s[i]),
'\n ' if i % 8 == 7 and i + 1 < len(s) else ''),
print '%s(%d octets)' % (' ' * (-len(s) % 8), len(s))
def test(P, S, c, dkLen, PRF):
print 'Input:'
print_str("P", P)
print_str("S", S)
print_int("c", c)
print_int("dkLen", dkLen)
print
DK = pbkdf2(P, S, c, dkLen, PRF)
print 'Output:'
print_hex("DK", DK)
print
print
if __name__ == '__main__':
def usage():
sys.exit('%s [-b 20] sha1 sha256 ...' % sys.argv[0])
opts, args = getopt.getopt(sys.argv[1:], 'b:')
opt_b = None
for opt, arg in opts:
if opt == '-b':
opt_b = int(arg)
else:
usage()
if not args:
usage()
for name in args:
print 'PBKDF2 HMAC-%s Test Vectors' % name.upper()
print
PRF = prf(hashlib.new(name).copy)
block = opt_b or PRF.digest_size
test("password", "salt", 1, block, PRF)
test("password", "salt", 2, block, PRF)
test("password", "salt", 4096, block, PRF)
test("password", "salt", 16777216, block, PRF)
test("passwordPASSWORDpassword",
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, block // 4 * 5, PRF)
test("pass\0word", "sa\0lt", 4096, 16, PRF)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment