Wikipedia

Key derivation function: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Changing short description from "Function that derives one or more secret keys from a secret value" to "Function that derives secret keys from a secret value"
Citation bot (talk | contribs)
Bots
5,867,049 edits
Alter: template type. Add: date, s2cid, authors 1-2. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 340/895
Line 14:
Modern password-based key derivation functions, such as [[PBKDF2]] (specified in RFC 2898), are based on a recognized cryptographic hash, such as [[SHA-2]], use more salt (at least 64 bits and chosen randomly) and a high iteration count. NIST recommends a minimum iteration count of 10,000.<ref name=sp800-63B>{{cite book | title = SP 800-63B-3 – Digital Identity Guidelines, Authentication and Lifecycle Management | publisher = NIST | date = June 2017 | doi=10.6028/NIST.SP.800-63b | author=Grassi Paul A.}}</ref>{{rp|5.1.1.2}}
"For especially critical keys, or for very powerful systems or systems where user-perceived performance is not critical, an iteration count of 10,000,000 may be appropriate.”
<ref name=sp800-132>{{cite book |url=http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf| title = SP 800-132 – Recommendation for Password-Based Key Derivation, Part 1: Storage Applications | publisher = NIST | date = December 2010 | doi=10.6028/NIST.SP.800-132 | author=Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen| s2cid = 56801929 }}</ref>{{rp|5.2}}
 
== Key derivation ==
Line 22:
* As components of multiparty [[key-agreement protocol]]s. Examples of such key derivation functions include KDF1, defined in [[IEEE P1363|IEEE Std 1363-2000]], and similar functions in ANSI X9.42.
* To derive keys from secret passwords or passphrases (a ''password-based KDF'').
* To derive keys of different length from the ones provided. KDFs designed for this purpose include [[HKDF]] and SSKDF. These take an 'info' bit string as an additional optional 'info' parameter, which may be crucial to bind the derived key material to application- and context-specific information.<ref name=info>{{cite webjournal|title=The 'info' Input to HKDF|url=https://datatracker.ietf.org/doc/html/rfc5869#section-3.2|website=datatracker.ietf.org|date=May 2010 |last1=Krawczyk |first1=Hugo |last2=Eronen |first2=Pasi }} RFC 5869 (2010)</ref>
* [[Key stretching]] and key strengthening.
 
Retrieved from "https://en.wikipedia.org/wiki/Key_derivation_function"