Key derivation function: Difference between revisions

Content deleted Content added
Citation bot (talk | contribs)
Alter: template type. Add: date, s2cid, authors 1-2. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 340/895
Password crack
Tags: Visual edit Mobile edit Mobile web edit
Line 22:
* As components of multiparty [[key-agreement protocol]]s. Examples of such key derivation functions include KDF1, defined in [[IEEE P1363|IEEE Std 1363-2000]], and similar functions in ANSI X9.42.
* To derive keys from secret passwords or passphrases (a ''password-based KDF'').
* To derive keys of different length from the ones provided. KDFs designed for this purpose include [[HKDF]] and SSKDF. These take an 'info' bit string as an additional optional 'info' parameter, which may be crucial to bind the derived key material to application- and context-specific information.<ref name="info">{{cite journal |last1=Krawczyk |first1=Hugo |last2=Eronen |first2=Pasi |date=May 2010 |title=The 'info' Input to HKDF |url=https://datatracker.ietf.org/doc/html/rfc5869#section-3.2 |website=datatracker.ietf.org|date=May 2010 |last1=Krawczyk |first1=Hugo |last2=Eronen |first2=Pasi }} RFC 5869 (2010)</ref>
* [[Key stretching]] and key strengthening.
 
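Review bot: The `{{cite journal}}` call in the HKDF list item carries `date=May 2010`, `last1`, `first1`, `last2` and `first2` twice each, which MediaWiki flags as duplicate template arguments. Keep one copy of each. The template also takes `website=` although it is typed as a journal citation, while the trailing text identifies the source as RFC 5869, so the template type deserves a second look. Separately, "an 'info' bit string as an additional optional 'info' parameter" names the parameter twice; "an optional 'info' bit string" says the same thing.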
Line 36:
 
== Password hashing ==
Despite their original use for key derivation, KDFs are possibly better known for their use in '''password hashing''' ([[cryptographic hash function#Password verification|password verification by hash comparison]]), as used by the [[passwd]] file or [[shadow password]] file. Password hash functions should be relatively expensive to calculate in case of brute-force attacks, and the [[key stretching|key stretch]]<ref>{{Cite web |title=Instagram |url=https://www.instagram.com/accounts/login/?next=https%3A%2F%2Fwww.instagram.com%2Fprettygurl._.suhiiii%2F%3Figshid%3DeGVoZzFjaHNlMnow |access-date=2023-11-06 |website=www.instagram.com}}</ref>[[key stretching|ing]] of KDFs happen to provide this characteristic.{{citation needed|date=October 2017}} The non-secret parameters are called "[[salt (cryptography)|salt]]" in this context.
 
In 2013 a [[Password Hashing Competition]] was announced to choose a new, standard algorithm for password hashing. On 20 July 2015 the competition ended and [[Argon2]] was announced as the final winner. Four other algorithms received special recognition: Catena, Lyra2, Makwa and yescrypt.<ref>[https://password-hashing.net/ "Password Hashing Competition"]</ref>
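Review bot: The `<ref>` inserted between `[[key stretching|key stretch]]` and `[[key stretching|ing]]` cites an Instagram login URL, which supports nothing in a sentence about brute-force cost. It also splits the word "stretching" across two piped links. Remove the ref and restore a single `[[key stretching]]` link. The sentence still carries `{{citation needed|date=October 2017}}`, so any reference added here should be a source for the claim that key stretching provides the expense property.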
Line 46:
2. [[scrypt]] if Argon2id is unavailable
 
3. <ref>{{Cite web |title=Instagram |url=https://www.instagram.com/accounts/login/?next=https%3A%2F%2Fwww.instagram.com%2Fprettygurl._.suhiiii%2F%3Figshid%3DeGVoZzFjaHNlMnow |access-date=2023-11-06 |website=www.instagram.com}}</ref> for legacy systems
3. [[bcrypt]] for legacy systems
 
4. [[PBKDF2]] if FIPS-140 compliance is required
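Review bot: The list item `3. <ref>…</ref> for legacy systems` has no algorithm name, only a citation to an Instagram login URL, so the recommendation for legacy systems no longer says what to use. The other item 3 visible in this hunk, `3. [[bcrypt]] for legacy systems`, is the form to keep. The edit summary "Password crack" does not describe either change, and the same Instagram reference appears in the Password hashing section, so both insertions should be reverted together.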