Hi,

I was looking at PBKDF2, bcrypt and scrypt as options for key derivation, and
would like to try using them all together in order to get the cryptographic
strength of the strongest one (which seems to be scrypt so far unless something
novel is discovered, but the assumption is that it is not known which one is
the strongest). My first thought was to apply the first KDF to the password,
then apply the second KDF to the obtained key (using it as the second
password), and then the third. Is there something inherently wrong with this?

I saw a different approach posted by user perseids here:
http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html

I quote:

"Derive p_1 = HMAC(Salt1+"PBKDF2") with key sha256(p), p_2 =
HMAC(Salt2+"bcrypt") with key sha1(p) and p_3 = HMAC(Salt3+"scrypt") with key
sha1(p). Derive keys k1, k2 and k3 by using the key derivation functions PBKDF2,
bcrypt and scrypt respectively, each of them using 1/30 seconds CPU time with
input p_1, p_2 and p_3 respectively. Compute the key (or database reference
entry) as sha256(k1+k2+k3). Here "+" designates the concatenation of byte
arrays."

So basically the 3 KDFs are applied in parallel, and the resulting keys are
concatenated and then hashed together. What do you guys think about this one?
Is this obviously superior to just applying the multiple KDFs "in series"?

Also, I haven't looked at the sources of the scrypt utility yet. Is it
straightforward to take the source files from there to use scrypt as a function
call from another program? Or is there a scrypt library specifically for that?

Thank you!
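An added example (not from the post or the linked article) of both constructions in Python, using the standard library's PBKDF2 and scrypt. Leaving bcrypt out, keying every HMAC with sha256(p), reusing each salt as the KDF salt, and the work factors are all assumptions noted in the comments.

```python
import hashlib
import hmac
from typing import Callable, Dict

# A KDF here takes (password_bytes, salt_bytes) and returns a fixed-length key.
Kdf = Callable[[bytes, bytes], bytes]

def pbkdf2_kdf(pw: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000, dklen=32)

def scrypt_kdf(pw: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(pw, salt=salt, n=2**14, r=8, p=1, dklen=32)

# Assumption: bcrypt is left out because it is not in the standard library; a
# wrapper with the same (pw, salt) -> bytes signature can be added to this dict.
KDFS: Dict[str, Kdf] = {"PBKDF2": pbkdf2_kdf, "scrypt": scrypt_kdf}

def combine_parallel(password: bytes, salts: Dict[str, bytes],
                     kdfs: Dict[str, Kdf] = KDFS) -> bytes:
    """Quoted scheme: p_i = HMAC(salt_i + label_i) keyed with a hash of p,
    k_i = KDF_i(p_i), result = sha256(k_1 + k_2 + ...)."""
    # Assumptions: sha256(p) keys every HMAC (the quote uses sha1(p) for two of
    # them) and each KDF reuses its own salt_i, which the quote leaves unstated.
    outer_key = hashlib.sha256(password).digest()
    parts = []
    for label, kdf in kdfs.items():
        p_i = hmac.new(outer_key, salts[label] + label.encode(), "sha256").digest()
        parts.append(kdf(p_i, salts[label]))
    return hashlib.sha256(b"".join(parts)).digest()

def combine_serial(password: bytes, salts: Dict[str, bytes],
                   kdfs: Dict[str, Kdf] = KDFS) -> bytes:
    """The poster's first idea: each KDF's output is the next KDF's password."""
    key = password
    for label, kdf in kdfs.items():
        key = kdf(key, salts[label])
    return key

def verify(password: bytes, salts: Dict[str, bytes], stored: bytes) -> bool:
    """Constant-time comparison of a freshly derived parallel key with a stored one."""
    return hmac.compare_digest(combine_parallel(password, salts), stored)

if __name__ == "__main__":
    # Constructed sample salts; real salts must be random and per-user.
    demo_salts = {"PBKDF2": b"\x01" * 16, "scrypt": b"\x02" * 16}
    stored = combine_parallel(b"correct horse", demo_salts)
    print(stored.hex(), verify(b"correct horse", demo_salts, stored))
```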