rust::krow

A Rust implementation of the krow key derivation function.

This is a new and experimental function that has not undergone any review or audit. In the absence of cryptanalysis, use at your own risk.

Krow is a memory-hard key derivation function designed for password hashing and key stretching. It uses BLAKE3 and ChaCha20 Core primitives, and provides configurable memory, time, and security parameters.

Deriving keys with krow can be configured using the following factors:

• m: The memory size factor m is used to specify the total memory size, in KiB. The total memory size must be at least 4 KiB, and a power of two. The memory is comprised of blocks, which are sized dynamically based on the total memory size. Block sizes are calculated as the floored square root of the memory size in bytes, then rounded down to the nearest power of two and divided by 8. A minimum block size of 128 is always used.
• t: The time factor t is used to configure the number of memory traversals. Each memory traversal includes a fill phase which passes over all blocks in memory, and a lookup phase that completes a number of lookup iterations equal to the total blocks count. The fill phase uses sequential and optional random block dependencies. The lookup phase uses either data-independent or data-dependent lookups, or a ratio of both in that order.
• s: The security mode factor s is used to set the ratio of data-independent to data-dependent lookups that take place. It is expected as a percentage 0-100, where 0 indicates full data-independence, and 100 indicates full data-dependence. An security mode value of e.g. 25 would indicate 25% data-independent lookups followed by 75% data-independent lookups for each traversal.
• random: The optional random factor is used to enable or disable the fill phase's random dependency mode. When true, both sequential and random block dependencies will be used. When false, only sequential block dependencies will be used. By default, this factor is true.
• mutable: The optional mutable factor is used to enable or disable memory mutability during the lookup phase. When true, during each lookup the mixed accumulator will be written back to the memory at a derived write index. When false, the memory is immutable and no accumulator writes back to the memory will take place. By default, this factor is true.

Example Usage

use krow;

let password = b"this is a password";
let salt = b"this is a salt";
let params = krow::Params::default();
let mut dst = [0u8; 32];

krow::krow(password, salt, None, &params, &mut dst).unwrap();