On Fri, Aug 05, 2016 at 07:08:49AM -0400, Allen wrote:
> > > > how would it be the best to derive a key from user input
> > >
> > > I think that depends on what you plan to do with the key, i.e., what it
> > > will be used for, and how it will be used
> >
> > how you mean? for encryption and signing i guess.
>
> If only it were that simple. If you have no idea what you are going to use
> the keys for and the attacks you need to resist, then it's unlikely you'll
> have a secure system.

this is a theoretical question. if we have IoTs, and people start doing
simple md5 for kdf, then that is very bad if anyone can brute-force this
passphrase, independently of how the key is used later. i'm looking for a
cryptographic primitive that makes a key out of user input. like argon,
like scrypt, like bcrypt. you know, that kind of stuff. without any
context how the kdf-derived key is used later.

> Things that might matter: Is the data stored and if so where? Is the data
> transmitted? When and where is the data decrypted, and by whom? How will
> you distribute the signature verification key and associate it with an
> identity? Is there a requirement to escrow or recover the key(s) if the
> password can't be remembered? Etc.

this goes well beyond the concept of a kdf i believe. also this is a
generic question, what cryptographic primitive exists for these restricted
environments in general. it will be necessary, and if there's none,
expect to have md5(password) all over the place.

--
otr fp: https://www.ctrlc.hu/~stef/otr.txt

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
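As an added example (not part of the thread and not any poster's code), the contrast stef draws between unsalted md5(password) and a salted, memory-hard KDF, using scrypt from Python's standard library; the sample passphrase, the salt length and the scrypt cost parameters are assumptions chosen for illustration:

```python
import hashlib
import secrets
from typing import List

# scrypt cost parameters (assumed for this example): n=2**14, r=8, p=1 needs
# 128*r*n = 16 MiB of RAM. A real constrained device tunes n/r/p to the memory
# it has and the unlock latency it can tolerate; lower settings buy the
# attacker a proportionally cheaper guess.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
KEY_LEN = 32    # 256-bit derived key
SALT_LEN = 16   # per-device random salt, stored in the clear


def weak_kdf(passphrase: str) -> bytes:
    """The pattern the thread warns against: unsalted, single-pass md5(password).
    Evaluates in microseconds and yields the same key on every device that
    shares the passphrase, so one precomputed table covers the whole fleet."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def new_salt() -> bytes:
    """Fresh random salt generated at enrolment on each device."""
    return secrets.token_bytes(SALT_LEN)


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Salted, memory-hard derivation via hashlib.scrypt
    (Python 3.6+ built against OpenSSL 1.1 or later)."""
    if len(salt) < SALT_LEN:
        raise ValueError("salt too short")
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def keys_for_fleet(passphrase: str, salts: List[bytes]) -> List[bytes]:
    """Keys a fleet of devices sharing one default passphrase ends up with
    when each device salts its own derivation."""
    return [derive_key(passphrase, s) for s in salts]


def all_distinct(keys: List[bytes]) -> bool:
    """True when no two derived keys coincide."""
    return len(set(keys)) == len(keys)


if __name__ == "__main__":
    shared = "correct horse battery staple"   # constructed sample passphrase
    salts = [new_salt() for _ in range(3)]
    print("md5 keys identical across devices:", not all_distinct([weak_kdf(shared)] * 3))
    print("scrypt keys distinct across devices:", all_distinct(keys_for_fleet(shared, salts)))
```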
