Key derivation function: Difference between revisions

Password-based key derivation functions: recay Category:Key management
move some info to Key strengthening
Line 10:
 
===Password-based key derivation functions===
{{main|Key strengthening}}
 
Key derivation functions are also used in applications to derive keys from secret passwords or passphrases, which typically lack the properties required of cryptographic keys (fixed length, uniform distribution, sufficient entropy). In such applications, it is generally recommended that the key derivation function be made deliberately slow so as to frustrate [[brute-force attack]]s and [[dictionary attack]]s on the password or passphrase input value.
Line 17 ⟶ 18:
The cost of a [[brute force attack]] grows in proportion to the number of iterations, because every guess must repeat the same chain of computations. A practical limit on the iteration count is the unwillingness of users to tolerate a perceptible delay when logging in to a computer or opening an encrypted message. A per-password [[salt (cryptography)|salt]] prevents attackers from precomputing a single dictionary of derived keys and reusing it against every user; each distinct salt value forces a fresh computation.
 
The first deliberately slow password-based key derivation function was the [[Unix]] routine "crypt(3)", designed by [[Robert Morris (cryptographer)|Robert Morris]] in 1978 for protecting stored Unix passwords. It used an iteration count of 25, a 12-bit salt and a variant of [[Data Encryption Standard|DES]] as the sub-function. (DES proper was avoided so that attacks could not be sped up with standard DES hardware.) It also limited passwords to a maximum of eight [[ASCII]] characters. While it seemed a great advance at the time, crypt(3) is now considered inadequate: the iteration count, chosen for [[PDP-11]]-era hardware, is far too low; 12 bits of salt (4096 values) inconvenience but do not stop precomputed dictionary attacks; and the eight-character limit prevents the use of stronger [[passphrase]]s.
 
Modern password-based key derivation functions, such as [[PBKDF2]] (specified in RFC 2898, PKCS #5 v2.0), build on a cryptographic hash such as [[MD5]] or [[SHA1]] (in PBKDF2, through an HMAC used as the pseudorandom function), use a larger salt (e.g. 64 bits) and a high iteration count (RFC 2898 recommends a minimum of 1000). There have been proposals to use memory-hard algorithms, which require large amounts of computer memory in addition to processor time, to make [[custom hardware attack]]s more difficult to mount.
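The following Python code is an added example, not part of the original article: it re-implements PBKDF2 exactly as RFC 2898 section 5.2 defines it (HMAC-SHA1 as the PRF, the U_1 ... U_c chain XORed into each block T_i), cross-checks the result against the standard library's <code>hashlib.pbkdf2_hmac</code>, and then shows the two points of the paragraphs above in running code: a per-password salt gives two users with the same password unrelated keys, and the iteration count can be calibrated to the delay users of a given machine will tolerate. The sample password "hunter2" and the function names are the example's own; the hex value printed for P="password", S="salt", c=4096 is the published RFC 6070 test vector.

```python
"""PBKDF2 (RFC 2898) re-implemented beside hashlib, with salt and iteration-count checks.

Added example; not code from the Wikipedia article.
"""
import hashlib
import hmac
import os
import struct
import time


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 from RFC 2898 section 5.2 with HMAC-SHA1 as the pseudorandom function.

    DK  = T_1 || T_2 || ... || T_l, truncated to dklen bytes
    T_i = U_1 xor U_2 xor ... xor U_c
    U_1 = PRF(P, S || INT(i)),   U_j = PRF(P, U_{j-1})
    Every one of the c iterations is a serial HMAC call, which is why each
    password guess costs an attacker c times the work of a single hash.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    hlen = hashlib.sha1().digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    out = bytearray()
    for i in range(1, blocks + 1):
        # INT(i) is a 4-byte big-endian block index, so each block starts from a different U_1.
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha1).digest()
        t = u
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dklen])


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int) -> bool:
    """Cross-check the reference implementation against hashlib.pbkdf2_hmac."""
    expected = hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen)
    return pbkdf2_hmac_sha1(password, salt, iterations, dklen) == expected


def derive_key(password: str, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """What an application would actually call: PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen)


def new_salt(nbytes: int = 16) -> bytes:
    """A fresh random salt per password: 128 bits here, versus the 12 bits of crypt(3)."""
    return os.urandom(nbytes)


def calibrate_iterations(target_seconds: float, start: int = 1000) -> int:
    """Double the iteration count until one derivation takes at least target_seconds on this machine.

    This is the practical limit the text describes: as many iterations as the users of
    this particular machine will tolerate at login time.
    """
    iterations = start
    while True:
        t0 = time.perf_counter()
        derive_key("calibration-only", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


if __name__ == "__main__":
    # RFC 6070 known-answer vector for PBKDF2-HMAC-SHA1: P="password", S="salt", c=4096, dkLen=20.
    print(pbkdf2_hmac_sha1(b"password", b"salt", 4096, 20).hex())
    print("matches hashlib:", matches_stdlib(b"password", b"salt", 4096, 25))
    # Constructed sample: two users who chose the same password get unrelated keys because
    # their salts differ, so one precomputed dictionary cannot serve both.
    salt_a, salt_b = new_salt(), new_salt()
    print("different salts give different keys:",
          derive_key("hunter2", salt_a, 10_000) != derive_key("hunter2", salt_b, 10_000))
    print("iterations for roughly 0.1 s on this machine:", calibrate_iterations(0.1))
```

The dklen=25 cross-check exercises the second block T_2, the part of the construction most easily gotten wrong when implementing from the specification. The calibration loop measures SHA-256 rather than SHA-1 because that is the PRF an application should pick today; the choice of PRF does not change the structure shown in <code>pbkdf2_hmac_sha1</code>.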