Ian G wrote: > I'd like to take a password and expand it into > several keys. It seems like a fairly simple operation > of hashing the concatonatonation of the password > with each key name in turn to get each key.
there is financial standard for derived key per transaction from x9f taxonomy and glossary http://www.garlic.com/~lynn/x9f.htm derived unique key per transaction (DUKPT) A key management method which uses a unique key for each transaction, and prevents the disclosure of any past key used by the transaction originating TRSM. The unique Transaction Keys are derived from a base derivation key using only non-secret data transmitted as part of each transaction. [X924] (see also cryptographic key, transaction) ........ basically you may be able to brute force an individual key w/o comprimising the "master key" (or any other keys derived from the master key). derived keys are used in other infrastructures beside financial transactions. some token based systems may simply use derived key per token (as opposed to per transaction) ... brute force of a particular token's key doesn't compromise either the overall infrastructure and/or other tokens in the infrastructure. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]