The reason for SHA256 has more to do with availability of consistent
implementations across platforms.
I'm not at all opposed to using PBKDF2.
The question was more along the lines of: is the "let's piece it together"
portion of the key assembly stage secure enough?


On Fri, Feb 14, 2014 at 2:42 PM, Lonnie Olson <li...@kittypee.com> wrote:

> On Fri, Feb 14, 2014 at 1:30 PM, S. Dale Morrey <sdalemor...@gmail.com>
> wrote:
> > To do this I've devised an algorithm to derive the private key on the
> > client.
>
> When working with crypto, it's usually a bad idea to devise your own
> algorithms.  There are likely smarter people that have already solved,
> tested, and verified the problem you are having.
>
> That said, your search for entropy is a good one, but your usage of
> SHA256 to derive a key from some set of entropy is inadequate.  There
> is a whole section of cryptography dedicated to achieving this goal.
> There are several key derivation functions
> (http://en.wikipedia.org/wiki/Key_derivation_function) available which
> are much stronger than simple SHA256.  Perhaps look at the most
> popular PBKDF2 (http://en.wikipedia.org/wiki/PBKDF2), since you are
> very likely to find an easy implementation already written for
> whatever platform you are writing for.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>

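As an added illustration of the two points raised in this thread (not code from either poster), the block below first shows why hashing pieced-together entropy with plain SHA256 is fragile, then derives a key with PBKDF2-HMAC-SHA256 over length-prefixed pieces and a per-user salt, using only Python's standard `hashlib`. The entropy pieces, salt and iteration count are constructed sample values.

```python
import hashlib

def naive_sha256_key(pieces):
    """The 'piece it together and SHA256 it' approach discussed in the thread.

    Joining the pieces without any framing loses the boundaries between them:
    (b"ab", b"c") and (b"a", b"bc") become the identical byte string and
    therefore the identical key, even though they are different inputs.
    """
    return hashlib.sha256(b"".join(pieces)).digest()

def frame(pieces):
    """Length-prefix every piece so the assembled input is unambiguous."""
    out = b""
    for piece in pieces:
        out += len(piece).to_bytes(4, "big") + piece
    return out

def pbkdf2_key(pieces, salt, iterations=100_000, length=32):
    """Derive a fixed-length key with PBKDF2-HMAC-SHA256.

    salt:       random, per-user, stored alongside the public data (not secret).
    iterations: work factor that slows down brute-force guessing of weak pieces;
                the value here is a constructed example, tune it to your platform.
    """
    return hashlib.pbkdf2_hmac("sha256", frame(pieces), salt, iterations, length)

# Constructed sample inputs; not real secrets.
PIECES_A = [b"ab", b"c"]
PIECES_B = [b"a", b"bc"]
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # assume a random salt

if __name__ == "__main__":
    print("naive collision:", naive_sha256_key(PIECES_A) == naive_sha256_key(PIECES_B))
    print("pbkdf2 distinct :", pbkdf2_key(PIECES_A, SALT) != pbkdf2_key(PIECES_B, SALT))
```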
