Wikipedia

Key derivation function: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
No edit summary
Tags: Reverted references removed Mobile edit Mobile web edit
m Reverted edit by 49.14.96.70 (talk) to last version by Pgallert
Line 37:
 
== Password hashing ==
Despite their original use for key derivation, KDFs are possibly better known for their use in '''password hashing''' ([[cryptographic hash function#Password verification|password verification by hash comparison]]), as used by the [[passwd]] file or [[shadow password]] file. Password hash functions should be relatively expensive to calculate in case of brutmlbrute-force attacks, and the [[key stretching]] of KDFs happen to provide this characteristic.{{citation needed|date=October 2017}} The non-secret parameters are called "[[salt (cryptography)|salt]]" in this context.
 
In 2013 a [[Password Hashing Competition]] was announced to choose a new, standard algorithm for password hashing. On 20 July 2015 the competition0scompetition ended and [[Argon2]] was announced as the final winner. Four other algorithms received special recognition: Catena, [[Lyra2]], Makwa and [[yescrypt]].<ref>[https://password-hashing.net/ "Password Hashing Competition"]</ref>
 
As of May 2023, the [[OWASP|Open Worldwide Application Security Project]] (OWASP) recommends the following KDFs for password hashing, listed in order of priority:<ref name="owasp">{{cite web|url=https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html | title=Password Storage Cheat Sheet | work=OWASP Cheat Sheet Series |publisher=[[OWASP]] |accessdate=2023-05-17}}</ref>
 
# [[Argon2|Argon2id]]
Line 63 ⟶ 65:
{{DEFAULTSORT:Key Derivation Function}}
[[Category:Key management]]
[[Category:Key derivation functions|*]] pattern unlock. Mandeep Kaur
Retrieved from "https://en.wikipedia.org/wiki/Key_derivation_function"