KdfChoice enum

Key derivation functions (KDFs) available for deriving user private keys.

The KDF is used during registration to derive a private key from the user's password and salt. This private key is then used to generate the verification key stored on the server.

Security Considerations:

The KDF choice is critical for security. A compromised server database contains verification keys, which an attacker can brute-force offline to recover passwords. Slower KDFs raise the cost of every guess, making such attacks computationally infeasible.

Recommendations:

  • argon2id - Strongly recommended for production use (memory-hard, GPU-resistant)
  • sha256 / sha512 - Fast hash-based KDFs suitable only for compatibility or low-resource environments
  • sha1 - Not recommended except for RFC5054 compatibility

The KDF choice must match between registration and authentication phases.

Values

argon2id → const KdfChoice

Argon2id KDF - memory-hard password hashing algorithm.

Strongly recommended for production use.

Argon2id is the winner of the 2015 Password Hashing Competition and provides excellent resistance to both CPU and GPU-based brute-force attacks through its memory-hard design.

Configuration:

  • Memory: 64 MB
  • Iterations: 3
  • Parallelism: 4
  • Output length: 32 bytes

sha1 → const KdfChoice

SHA-1 hash-based KDF (RFC5054 style).

Implements: x = H(s, H(I | ':' | p))

Warning: Fast to compute, which makes it vulnerable to brute-force attacks. Only use for RFC5054 compatibility or extremely low-resource environments where Argon2id is not feasible.

sha256 → const KdfChoice

SHA-256 hash-based KDF (RFC5054 style).

Implements: x = H(s, H(I | ':' | p))

Warning: Fast to compute, which makes it vulnerable to brute-force attacks. Prefer argon2id for production use.

sha512 → const KdfChoice

SHA-512 hash-based KDF (RFC5054 style).

Implements: x = H(s, H(I | ':' | p))

Warning: Fast to compute, which makes it vulnerable to brute-force attacks. Prefer argon2id for production use.
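The formula listed for sha1, sha256 and sha512, and the requirement that registration and authentication use the same KDF, can be checked with the following added example. It is written in Python for illustration and is not this library's code; the function names `derive_x` and `login_x_matches` are hypothetical, and `,` and `|` in the formula are assumed to mean byte concatenation as in RFC 5054. argon2id is left out because it needs a third-party package.

```python
import hashlib

# Hash constructors for the three fast KDF choices named on this page.
HASHES = {"sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}

# RFC 5054 Appendix B test vector (SHA-1): I = "alice", p = "password123".
RFC5054_SALT = bytes.fromhex("BEB25379D1A8581EB5A727673A2441EE")
RFC5054_X = bytes.fromhex("94B7555AABE9127CC58CCF4993DB6CF84D16C124")


def derive_x(kdf: str, salt: bytes, identity: str, password: str) -> bytes:
    """Compute x = H(s | H(I | ':' | p)) for the named hash."""
    try:
        h = HASHES[kdf]
    except KeyError:
        raise ValueError(f"KDF not covered by this example: {kdf!r}") from None
    inner = h(f"{identity}:{password}".encode("utf-8")).digest()
    return h(salt + inner).digest()


def login_x_matches(reg_kdf: str, auth_kdf: str, salt: bytes,
                    identity: str, password: str) -> bool:
    """True when the x derived at login equals the x derived at registration.

    A different x cannot correspond to the verification key that was
    stored at registration, so a correct password is still rejected.
    """
    registered = derive_x(reg_kdf, salt, identity, password)
    presented = derive_x(auth_kdf, salt, identity, password)
    return registered == presented


if __name__ == "__main__":
    x = derive_x("sha1", RFC5054_SALT, "alice", "password123")
    print("sha1 x equals RFC 5054 vector:", x == RFC5054_X)
    for reg in HASHES:
        for auth in HASHES:
            ok = login_x_matches(reg, auth, RFC5054_SALT, "alice", "password123")
            print(f"registered with {reg:6} / login with {auth:6} -> match={ok}")
```
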

Properties

hashCode → int
The hash code for this object.
no setter, inherited
index → int
A numeric identifier for the enumerated value.
no setter, inherited
name → String

Available on Enum, provided by the EnumName extension

The name of the enum value.
no setter
runtimeType → Type
A representation of the runtime type of the object.
no setter, inherited

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
toString() → String
A string representation of this object.
inherited

Operators

operator ==(Object other) → bool
The equality operator.
inherited

Constants

values → const List<KdfChoice>
A constant List of the values in this enum, in order of their declaration.