Root > Reference > All Functions > TwofishDeriveKeyHMAC

Function TwofishDeriveKeyHMAC

Previous pageReturn to chapter overviewNext page   

Initializes Twofish key from password using SHA-256 HMAC.







Code (Delphi)

function TwofishDeriveKeyHMAC(

const APassword: String;

const ASalt: TSalt

): TTwofishKey;



APassword [in]

User password.


ASalt [in]

Salt value. Use InitSalt function to create new salt for encryption and store salt with encrypted data. Use stored salt to decrypt data.


Return value

Precalculated 256-bit Twofish key derived from APassword and ASalt using SHA256HMAC(ASalt, APassword).


Delete this key by using TwofishDestroyKey function.


This value is always the same for the same APassword and same ASalt.



This is not RAW key derived from password. This is precalculated array of subkeys and SBox keys for Twofish cipher. Precalculation speed ups encryption/decryption. Use TwofishInitKey to precalculate key from RAW key.



This function converts APassword to UTF-8 and then uses SHA256HMAC(ASalt, APassword) to derive the key. Therefore the key has size of 256 bits.



TwofishDeriveKey and TwofishDeriveKeyHMAC use different algorithms to derive the key. E.g. key created by the TwofishDeriveKey will be different from the key created by the TwofishDeriveKeyHMAC function. In other words, if you use some function on sending side - then you must use the same function on receiving side. If you do not have compatibility requirements with external code - we recommend to use TwofishDeriveKeyHMAC function.



The returned value of this function is not RAW key derived from password/salt. The returned value is precalculated/cached array of subkeys and SBox keys for Twofish cipher. Precalculation speed ups encryption/decryption. Use TwofishInitKey to precalculate key from RAW key.


Delete the returned value by using TwofishDestroyKey function when you have finished working with key.


Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard (AES) contest, but it was not selected for standardization. Twofish's distinctive features are the use of pre-computed key-dependent S-boxes, and a relatively complex key schedule. Twofish cipher has not been patented. As a result, the Twofish algorithm is free for anyone to use without any restrictions whatsoever. However, Twofish has seen less widespread usage than Blowfish, which has been available longer.


See also

Send feedback... Build date: 2023-05-05
Last edited: 2023-05-05
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.

Permanent link to this article: