2004
DOI: 10.1007/978-3-540-30144-8_12
|View full text |Cite
|
Sign up to set email alerts
|

On The Security of Key Derivation Functions

Abstract: Abstract. Key derivation functions are commonly used within many cryptographic schemes in order to distribute the entropy contained in an uneven way in a long stream of bits into a string that can be used directly as a symmetric key or as a seed for a pseudo-random number generator, or to convert short strings such as passwords into symmetric keys. This paper examines the common key derivation function constructions and shows that most of these have some concerning properties. In some situations, the use of th… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
13
0

Year Published

2005
2005
2017
2017

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 16 publications
(13 citation statements)
references
References 9 publications
0
13
0
Order By: Relevance
“…A widespread consensus that an n-bit iterated hash function should never be expected to resist attacks requiring more than 2 n/2 operations. This would invalidate current uses of hash functions in cryptographic randomnumber generation, as in [KSF99,DHL02,Bal98], key derivation functions as described in [AKMZ04,NIST03,X963], and many other applications, and seems the least palatable outcome. 2.…”
Section: Using Generic Expandable Messagesmentioning
confidence: 99%
“…A widespread consensus that an n-bit iterated hash function should never be expected to resist attacks requiring more than 2 n/2 operations. This would invalidate current uses of hash functions in cryptographic randomnumber generation, as in [KSF99,DHL02,Bal98], key derivation functions as described in [AKMZ04,NIST03,X963], and many other applications, and seems the least palatable outcome. 2.…”
Section: Using Generic Expandable Messagesmentioning
confidence: 99%
“…Hash functions are often used to construct key derivation functions, e.g., [1,57,63,89,113,149,182]. It can be argued that some of these constructions are bad practice [1,113].…”
Section: Key Derivationmentioning
confidence: 99%
“…It can be argued that some of these constructions are bad practice [1,113]. However, hash functions do seem to be the natural primitive to use in the construction of a KDF.…”
Section: Key Derivationmentioning
confidence: 99%
See 2 more Smart Citations