
Function TwofishDeriveKey


Initializes a Twofish key from a password.

 

Unit

EEncrypt

 

Syntax

 

Code (Delphi)

function TwofishDeriveKey(
  const APassword: String;
  const ASalt: PSalt = nil
): TTwofishKey; overload;

function TwofishDeriveKey(
  const AData: Pointer;
  const ADataSize: Cardinal;
  const ASalt: PSalt = nil
): TTwofishKey; overload;

 

Parameters

APassword [in, opt]

User password.

 

ASalt [in, opt]

Optional salt value. It is recommended to always specify a salt when possible, to defend against dictionary and pre-computed rainbow table attacks. Use the InitSalt function to create a new salt for encryption and store the salt with the encrypted data. Use the stored salt to decrypt the data.

 

AData [in]

Pointer to binary password to initialize the key.

 

ADataSize [in]

Size of AData in bytes.

 

Return value

Precalculated 256-bit Twofish key derived from APassword and (optionally) ASalt using SHA256Hash(ASalt + APassword).

 

Delete this key by using the TwofishDestroyKey function.

 

This value is always the same for the same APassword (and same ASalt).

 

Important!

This is not the RAW key derived from the password. This is a precalculated array of subkeys and SBox keys for the Twofish cipher. Precalculation speeds up encryption/decryption. Use TwofishInitKey to precalculate a key from a RAW key.

 

Remarks

This function converts APassword to UTF-8, attaches ASalt (if specified), then uses the resulting RAW binary string to initialize the key. This function uses SHA256Hash(ASalt + APassword) to derive the key, so the key is 256 bits in size.

 

Important!

The returned value of this function is not the RAW key derived from the password. The returned value is a precalculated/cached array of subkeys and SBox keys for the Twofish cipher. Precalculation speeds up encryption/decryption. Use TwofishInitKey to precalculate a key from a RAW key.

 

Delete the returned value by using the TwofishDestroyKey function when you have finished working with the key.

 

The overloaded variant lets you initialize the key from any binary password.

 

Warning

TwofishDeriveKey and TwofishDeriveKeyHMAC use different algorithms to derive the key: a key created by TwofishDeriveKey will be different from a key created by TwofishDeriveKeyHMAC. In other words, whichever function you use on the sending side, you must use the same function on the receiving side. If you do not have compatibility requirements with external code, we recommend using the TwofishDeriveKeyHMAC function.

 

Important!

An empty (zeroed) salt is not the same as no salt. Use the TwofishInitSessionKey function to create a new random salt. Once created, the salt must be stored with the encrypted data and then passed to TwofishDeriveKey for decryption.

 

Note

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password. The primary function of salts is to defend against dictionary attacks versus a list of password hashes and against pre-computed rainbow table attacks.
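
The salt behaviour described above, modelled in Python as an added example (this is not EurekaLog code and is not taken from the original page). It reproduces only the raw SHA256Hash(ASalt + APassword) step, not the Twofish subkey precalculation; the 16-byte salt size, the names derive_raw_key and precompute, and the word list are assumptions constructed for illustration.

```python
import hashlib
import os

SALT_SIZE = 16  # assumption: the page does not state the size of the salt


def derive_raw_key(password, salt=None):
    """Model of the page's formula: SHA256(ASalt + UTF-8(APassword))."""
    data = password.encode("utf-8")
    if salt is not None:  # nil salt: nothing is prepended
        data = salt + data
    return hashlib.sha256(data).digest()  # 32 bytes = 256-bit raw key


def precompute(wordlist, salt=None):
    """Key -> password table; valid only for the one salt it was built for."""
    return {derive_raw_key(word, salt): word for word in wordlist}


# Constructed sample data: a tiny word list and a table built without salt.
WORDLIST = ["letmein", "hunter2", "correct horse"]
UNSALTED_TABLE = precompute(WORDLIST)


def demo():
    password = "hunter2"
    no_salt = derive_raw_key(password)
    zero_salt = derive_raw_key(password, bytes(SALT_SIZE))
    salt = os.urandom(SALT_SIZE)  # must be stored next to the ciphertext
    salted = derive_raw_key(password, salt)
    return {
        # Same password and same stored salt always give the same key.
        "deterministic": salted == derive_raw_key(password, salt),
        # A zeroed salt still changes the hash input, so the keys differ.
        "zero_salt_equals_no_salt": zero_salt == no_salt,
        # One precomputed table matches every unsalted key ...
        "unsalted_found_in_table": UNSALTED_TABLE.get(no_salt),
        # ... but is useless against a key derived with a random salt.
        "salted_found_in_table": UNSALTED_TABLE.get(salted),
        "key_bits": len(salted) * 8,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
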

 

Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard (AES) contest, but it was not selected for standardization. Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. Twofish cipher has not been patented. As a result, the Twofish algorithm is free for anyone to use without any restrictions whatsoever. However, Twofish has seen less widespread usage than Blowfish, which has been available longer.

 

Build date: 2023-09-11
Last edited: 2023-09-11


Permanent link to this article: https://www.eurekalog.com/help/eurekalog/topic_function_eencrypt_twofishderivekey.php