Content deleted Content added
added terminology reference to "key diversification"
Add references to scrypt()
Line 22:
The first deliberately-slow password-based key derivation function was called "[[Crypt_(Unix)#Library_Function|crypt]]" (or "crypt(3)" after its [[Manual page (Unix)|man page]]), and was invented by [[Robert Morris (cryptographer)|Robert Morris]] in the 1980s to encrypt [[Unix]] passwords. While it was a great advance at the time, increases in processor speeds since the [[PDP-11]] era have made [[brute force attack|brute-force attacks]] against crypt feasible, and advances in storage have rendered the 12-bit salt inadequate. The crypt function's design also limits the user password to 8 characters, which limits the keyspace and makes strong [[passphrase]]s impossible.
Modern password-based key derivation functions, such as [[PBKDF2]] (specified in RFC 2898), use a cryptographic hash, such as [[MD5]] or [[SHA1]], more salt (e.g. 64 bits) and a high iteration count (often 1000 or more). There have been proposals to use algorithms that require large amounts of computer memory and other computing resources to make [[custom hardware attack]]s more difficult to mount. One concrete instance of such algorithm is the <code>scrypt()</code> function, based on the concept of ''sequential memory-hard functions''<ref>http://www.tarsnap.com/scrypt/</ref>.
== Footnotes ==
{{Reflist}}
== References ==
* {{cite web
| last =
| authorlink = Burt Kaliski
| coauthors = [[RSA Laboratories]]
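Review bot: the scrypt sentence added at the end of the second paragraph cites a bare URL inside `<ref>` and puts the ref before the full stop. Use a filled-in citation there (the same revision already adds a full {{cite web}} entry for the Percival paper under References) and move the `<ref>` after the period. The sentence also needs an article: "One concrete instance of such an algorithm is".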
Line 38 ⟶ 41:
| accessdate = 2007-07-27 }}
* {{cite web
| last = Colin| first = Percival
| title = Stronger Key Derivation via Sequential Memory-Hard Functions
| date = 2009-05
| url = http://www.tarsnap.com/scrypt/scrypt.pdf
| format = PDF
| work = BSDCan'09 Presentation
| accessdate = 2009-05-19 }}
{{Crypto navbox}}
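Review bot: in the new citation, `| last = Colin| first = Percival` has the name fields swapped. The author is Colin Percival, so this should read `| last = Percival | first = Colin`, otherwise the entry renders and sorts under the given name. The `work` value "BSDCan'09 Presentation" describes the venue rather than naming a publication, so consider giving the conference name there and dropping "Presentation".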