Hi Tags: Reverted Visual edit Mobile edit Mobile web edit |
Reverted edits by 111.119.183.19 (talk) (AV) |
Line 35:
An alternative approach, called '''key strengthening''', extends the key with a random salt, but then (unlike in key stretching) securely deletes the salt.<ref>Abadi, Martın, T. Mark A. Lomas, and Roger Needham. "Strengthening passwords." Digital System Research Center, Tech. Rep 33 (1997): 1997.</ref> This forces both the attacker and legitimate users to perform a brute-force search for the salt value.<ref>U. Manber, "A Simple Scheme to Make Passwords Based on One-Way Functions Much Harder to Crack," Computers & Security, v.15, n.2, 1996, pp.171–176.</ref> Although the paper that introduced key stretching<ref name="low-entropy">[http://www.schneier.com/paper-low-entropy.html Secure Applications of Low-Entropy Keys], [[John Kelsey (cryptanalyst)|J. Kelsey]], [[Bruce Schneier|B. Schneier]], C. Hall, and [[David A. Wagner|D. Wagner]] (1997)</ref> referred to this earlier technique and intentionally chose a different name, the term "key strengthening" is now often (arguably incorrectly) used to refer to key stretching.
== Password
Despite their original use for key derivation, KDFs are possibly better known for their use in '''password hashing''' ([[cryptographic hash function#Password verification|password verification by hash comparison]]), as used by the [[passwd]] file or [[shadow password]] file. Password hash functions should be relatively expensive to calculate in case of brute-force attacks, and the [[key stretching]] of KDFs happen to provide this characteristic.{{citation needed|date=October 2017}} The non-secret parameters are called "[[salt (cryptography)|salt]]" in this context.
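Review bot: the heading line `== Password` in the middle of this hunk has no closing `==` and its title looks cut off, so as shown it would not render as a section heading; the restored revision should carry the complete heading line. In the paragraph after it, "the key stretching of KDFs happen to provide" needs "happens", and the sentence still carries a {{citation needed}} tag dated October 2017, so a source for the statement that password hash functions should be relatively expensive to calculate would be worth adding while this section is being touched.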