Root > Reference > All Functions > TEADeriveKeyHMAC

Function TEADeriveKeyHMAC

Previous pageReturn to chapter overviewNext page   

Initializes TEA key from password via MD5 HMAC.

 

Unit

EEncrypt

 

Syntax

 

Code (Delphi)

function TEADeriveKeyHMAC(

const APassword: String;

const ASalt: TSalt

): TTEAKey; overload;

 

Parameters

APassword [in]

User password.

 

ASalt [in]

Salt value. Use InitSalt function to create new salt for encryption and store salt with encrypted data. Use stored salt to decrypt data.

 

Return value

TEA key derived from APassword and ASalt using MD5 HMAC.

 

You do not need to free/release/dispose this key - it does not contain any allocated memory. However, it is strongly recommended to call TEADestroyKey function once you have finished working with key - to erase it with zeros.

 

This value is always the same for the same APassword and same ASalt.

 

Remarks

This function converts APassword to UTF-8 and then uses MD5HMAC(ASalt, APassword) to derive the key using the specified salt.

 

You do not need to call this function if you already have RAW binary TEA key (TTEAKey).

 

You do not need to free/release/dispose this key - it does not contain any allocated memory. However, it is strongly recommended to call TEADestroyKey function once you have finished working with key - to erase it with zeros.

 

Warning

TEADeriveKey and TEADeriveKeyHMAC use different algorithms to derive the key. E.g. key created by the TEADeriveKey will be different from the key created by the TEADeriveKeyHMAC function. In other words, if you use some function on sending side - then you must use the same function on receiving side. If you do not have compatibility requirements with external code - we recommend to use TEADeriveKeyHMAC function.

 

Tip

Using salt means that size of encrypted/decrypted data will change - because salt must be stored with encrypted data. If you do not use salt - the data size will not change during encryption/decryption.

 

Note

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password. The primary function of salts is to defend against dictionary attacks versus a list of password hashes and against pre-computed rainbow table attacks.

 

Tiny Encryption Algorithm (TEA) is a block cipher notable for its simplicity of description and implementation, typically a few lines of code. TEA operates on two 32-bit unsigned integers (could be derived from a 64-bit data block) and uses a 128-bit key.

 

Important!

TEA has a few weaknesses. Most notably, it suffers from equivalent keys—each key is equivalent to three others, which means that the effective key size is only 126 bits. As a result, TEA is especially bad as a cryptographic hash function. TEA is also susceptible to a related-key attack which requires 2^23 chosen plaintexts under a related-key pair, with 2^32 time complexity.

 

Examples

 

Code (Delphi)

var

Key: TTEAKey;

Salt: TSalt;

EncryptedText: RawByteString;

S: String;

SaltEncodedLen: Integer;

begin

// Create new (random) salt

Salt := InitSalt;

 

// Create new key from password

// Key will be different each time

// Because salt is different

Key := TEADeriveKeyHMAC('password', Salt);

 

// Encrypt some text with the above key

// (meaning "encrypt some text with the above password")

EncryptedText := TEAEncrypt(Key, 'clear text');

 

// Wipe key/salt from memory - do this as soon as possible

TEADestroyKey(Key); // - same as SecureFree(Key);

 

// You must store salt with encrypted data

EncryptedText :=

RAWToString(@Salt, SizeOf(Salt)) +

EncryptedText;

 

// No longer needed, erase it

SecureFree(Salt);

 

// EncryptedText contains encrypted RAW bytes

// Do not output EncryptedText to any place which expects human-readable text

 

// Debug output

// Encrypted text is RAW bytes, so we need to convert it to something readable

// Encrypted value will always be different

Edit1.Text := HexEncodeString(EncryptedText);

 

// _____________________________________________

 

// Read stored salt

SaltEncodedLen := HexCalcEncodedSize(SizeOf(Salt)));

RAWFromString(Copy(EncryptedText, 1, SaltEncodedLen), @Salt);

// Remove salt from EncryptedText

EncryptedText := Copy(EncryptedText, SaltEncodedLen + 1, MaxInt);

 

// Create key from password

// Key will be the same as the one used for encryption above

Key := TEADeriveKeyHMAC('password', Salt);

 

// No longer needed, erase it

SecureFree(Salt);

 

// Decrypt text back

S := TEADecrypt(Key, EncryptedText);

 

// Wipe key from memory - do this as soon as possible

TEADestroyKey(Key); // - same as SecureFree(Key);

 

// Wipe also all data

SecureFree(EncryptedText);

 

// Now S = 'clear text'

 

// Call SecureFree for all data once you have finished working with it

SecureFree(S);

end;

 

See also




Send feedback... Build date: 2023-09-11
Last edited: 2023-09-11
PRIVACY STATEMENT
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.


Permanent link to this article: https://www.eurekalog.com/help/eurekalog/topic_function_eencrypt_teaderivekeyhmac.php