Questions tagged [pbkdf]

A PBKDF is a Password Based Key Derivation Function, which can be used to derive key data or derive a "password hash" from a salt and password.

PBKDFs are a subset of KDFs; they differ from Key Based Key Derivation Functions in that they perform key stretching. Inputs of a PBKDF are a salt, an iteration count and, of course, the password/passphrase, encoded to bytes. Well-known PBKDFs are PBKDF2, bcrypt and scrypt.

40 questions
54 votes, 1 answer

Password hashing security of argon2 versus bcrypt/PBKDF2?

I wonder if it can be approximated how much of a security margin the new argon2 hash, winner of the password hashing competition, can give over bcrypt or PBKDF2, for an attacker using large GPU systems. Practically speaking, if I have had a…
azren
17 votes, 2 answers

Password hash that can be upgraded without plaintext password

Most password hashes have a cost parameter that indicates how long the algorithm should take. Is there an algorithm where you can increase that cost for a particular hash, without access to the plaintext password? So I have existing hashes in the…
Sjoerd
11 votes, 1 answer

What is the algorithm behind PasswordDeriveBytes?

Microsoft has created an implementation of PBKDF1 in the PasswordDeriveBytes class. It can however generate more bytes than PBKDF1, which is limited to the number of bytes generated by the underlying hash function. How is this proprietary extension…
Maarten Bodewes
11 votes, 1 answer

PBKDF vs HKDF for pretty long key

I'm developing a messenger application with encrypted chats. In the first version of the app I've used PBKDF2 (10000 iterations, SHA1, random salt) to extend a short user password and generate keys to encrypt (AES256) and sign message (HMAC). In…
alexeylang
9 votes, 2 answers

Key derivation on Arduino

The ATmega2560 is slow - it's a single core, 16MHz 8-bit AVR. Despite that, I need to use some encryption on it, and since it is limited to a few blocks, AES-256 can be used. However, the key derivation is a problem. A computer can easily do a…
Dash
8 votes, 1 answer

Why does LastPass hash their passwords with PBKDF2 this way?

LastPass is a password manager that I am sure many of you are familiar with. I have been studying LastPass's source code a bit. From their FAQs and what I can gather from their source code, the way they derive and store your encryption key is as…
izzle
8 votes, 2 answers

What are KDF parameters in OpenSSL command-line utility for `enc`?

I refer to https://www.openssl.org/docs/manmaster/apps/enc.html and see that the only parameter for key derivation which I can set explicitly (not considering the obvious -S for setting salt) is -md which is MD to be used for key derivation…
A gee
6 votes, 2 answers

Are there any high level memory-hard PBKDF constructions?

The PBKDF2 construction from PKCS #5 v2 has the convenient feature that it can be implemented using only standard interchangeable cryptographic primitives. Specifically, it only requires the availability of a suitable PRF, typically implemented…
Ilmari Karonen
5 votes, 0 answers

Upgrading key derivation by adding an XOR with a known value

In general, keys for password-based key derivation are derived from a password hash such as the old PBKDF2 function or Argon2, possibly followed by another derivation function to derive data and authentication keys: $$K_{master} = \text{PBKDF}(pass,…
5 votes, 3 answers

Derive a key from a password and another key?

I would like to encrypt some data using a password. I want to use a function like PBKDF2 to turn my password into a key. However, I would like to also require a keyfile, for added security. My data should only be decryptable if I have the password…
Sam Smith
5 votes, 2 answers

Memory-hard password-based key derivation functions?

How are memory hard functions designed for the purpose of password based key derivation? To protect against a brute force attack from a parallel machine. What design could work well with Skein? The Skein paper (pdf) has a time hard PBKDF (basically…
5 votes, 1 answer

Is there a tangible benefit in keeping the number of PBKDF iterations secret and not storing them with the ciphertext?

Suppose I have a local file and it is encrypted with a symmetric key derived from a strong passphrase, unique salt and $x$ number of PBKDF (e.g. Scrypt) iterations. I am interested in keeping this file a secret for a very long time. Suppose the user…
4 votes, 1 answer

PBKDF security if all but one keys are exposed

I'm trying to understand the security of KDF but stuck with PBKDF case (case 3). Suppose, we have the following settings: $KDF(SK,salt_1) \rightarrow k_1$ $KDF(SK,salt_2) \rightarrow k_2$ The adversary $A$ knows $salt_1$, $salt_2$, $k_2$ (and maybe…
pintor
4 votes, 1 answer

Encrypt a small amount of data with a password derived from PBKDF2

I have a small amount of data (about 128 bits) to be secured with a strong password. I plan to run PBKDF2-SHA2-256 on the password and a 128 bit random salt to generate a 256 bit derived key. Then with the first 128 bits of the derived key (Key1), XOR…
4 votes, 2 answers

Replacing the PRF in PBKDF2 with Keccak

I am unable to find a reliable, tested library for a decent password based key derivation function e.g. Scrypt in the programming language I am using, but I have a reliable library for PBKDF2 (which by default uses SHA2-256) and it also allows me to…
504811E