{
    "mode": "perldoc",
    "parameter": "PBKDF2::Tiny",
    "section": "",
    "url": "https://www.chedong.com/phpMan.php/perldoc/PBKDF2%3A%3ATiny/json",
    "generated": "2026-06-09T18:00:12Z",
    "synopsis": "use PBKDF2::Tiny qw/derive verify/;\nmy $dk = derive( 'SHA-1', $pass, $salt, $iters );\nif ( verify( $dk, 'SHA-1', $pass, $salt, $iters ) ) {\n# password is correct\n}",
    "sections": {
        "NAME": {
            "content": "PBKDF2::Tiny - Minimalist PBKDF2 (RFC 2898) with HMAC-SHA1 or HMAC-SHA2\n",
            "subsections": []
        },
        "VERSION": {
            "content": "version 0.005\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "use PBKDF2::Tiny qw/derive verify/;\n\nmy $dk = derive( 'SHA-1', $pass, $salt, $iters );\n\nif ( verify( $dk, 'SHA-1', $pass, $salt, $iters ) ) {\n# password is correct\n}\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "This module provides an RFC 2898 <https://tools.ietf.org/html/rfc2898> compliant PBKDF2\nimplementation using HMAC-SHA1 or HMAC-SHA2 in under 100 lines of code. If you are using Perl\n5.10 or later, it uses only core Perl modules. If you are on an earlier version of Perl, you\nneed Digest::SHA or Digest::SHA::PurePerl.\n\nAll documented functions are optionally exported. No functions are exported by default.\n",
            "subsections": []
        },
        "FUNCTIONS": {
            "content": "derive\n$dk = derive( $type, $password, $salt, $iterations, $dklength )\n\nThe \"derive\" function outputs a binary string with the derived key. The first argument indicates\nthe digest function to use. It must be one of: SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512.\n\nIf a password or salt are not provided, they default to the empty string, so don't do that! RFC\n2898 recommends <https://tools.ietf.org/html/rfc2898#section-4.1> a random salt of at least 8\noctets. If you need a cryptographically strong salt, consider Crypt::URandom.\n\nThe password and salt should encoded as octet strings. If not (i.e. if Perl's internal 'UTF8'\nflag is on), then an exception will be thrown.\n\nThe number of iterations defaults to 1000 if not provided. If the derived key length is not\nprovided, it defaults to the output size of the digest function.\n\nderivehex\nWorks just like \"derive\" but outputs a hex string.\n\nverify\n$bool = verify( $dk, $type, $password, $salt, $iterations, $dklength );\n\nThe \"verify\" function checks that a given derived key (in binary form) matches the password and\nother parameters provided using a constant-time comparison function.\n\nThe first parameter is the derived key to check. The remaining parameters are the same as for\n\"derive\".\n\nverifyhex\nWorks just like \"verify\" but the derived key must be a hex string (without a leading \"0x\").\n\ndigestfcn\n($fcn, $blocksize, $digestlength) = digestfcn('SHA-1');\n$digest = $fcn->($data);\n\nThis function is used internally by PBKDF2::Tiny, but made available in case it's useful to\nsomeone.\n\nGiven one of the valid digest types, it returns a function reference that digests a string of\ndata. It also returns block size and digest length for that digest type.\n\nhmac\n$key = $digestfcn->($key) if length($key) > $blocksize;\n$hmac = hmac( $data, $key, $digestfcn, $blocksize );\n\nThis function is used internally by PBKDF2::Tiny, but made available in case it's useful to\nsomeone.\n\nThe first two arguments are the data and key inputs to the HMAC function. Both should be encoded\nas octet strings, as underlying HMAC/digest functions may croak or may give unexpected results\nif Perl's internal UTF-8 flag is on.\n\nNote: if the key is longer than the digest block size, it must be preprocessed using the\ndigesting function.\n\nThe third and fourth arguments must be a digesting code reference (from \"digestfcn\") and block\nsize.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "*   Crypt::PBKDF2\n\n*   Digest::PBDKF2\n",
            "subsections": []
        },
        "SUPPORT": {
            "content": "Bugs / Feature Requests\nPlease report any bugs or feature requests through the issue tracker at\n<https://github.com/dagolden/PBKDF2-Tiny/issues>. You will be notified automatically of any\nprogress on your issue.\n",
            "subsections": [
                {
                    "name": "Source Code",
                    "content": "This is open source software. The code repository is available for public review and\ncontribution under the terms of the license.\n\n<https://github.com/dagolden/PBKDF2-Tiny>\n\ngit clone https://github.com/dagolden/PBKDF2-Tiny.git\n"
                }
            ]
        },
        "AUTHOR": {
            "content": "David Golden <dagolden@cpan.org>\n",
            "subsections": []
        },
        "COPYRIGHT AND LICENSE": {
            "content": "This software is Copyright (c) 2014 by David Golden.\n\nThis is free software, licensed under:\n\nThe Apache License, Version 2.0, January 2004\n",
            "subsections": []
        }
    },
    "summary": "PBKDF2::Tiny - Minimalist PBKDF2 (RFC 2898) with HMAC-SHA1 or HMAC-SHA2",
    "flags": [],
    "examples": [],
    "see_also": []
}