Ian Grigg wrote:
I'd like to take a password and expand it into
several keys. It seems like a fairly simple operation
of hashing the concatonatonation of the password
with each key name in turn to get each key.
The recommended technique I've seen for this (I think David Wagner
suggested it
Hal Finney wrote:
The recommended technique I've seen for this (I think David Wagner
suggested it on sci.crypt years ago) is to use a MAC:
key = MAC (password, keyname)
The security property of a MAC is that you can get as many messages MAC'd
as you want, and you won't be able to guess a
Ian G [EMAIL PROTECTED] writes:
I'd like to take a password and expand it into
several keys. It seems like a fairly simple operation
of hashing the concatonatonation of the password
with each key name in turn to get each key.
Are there any 'gotchas' with that?
iang
PS: some psuedo code
At 10:34 2005-06-14 -0700, Eric Rescorla wrote:
Hash-based constructions are the standard here, but I'm generally
leary of using a pure hash. Probably the best basic function is to use
HMAC(P,L_i) or perhaps HMAC(H(P),L_i), since HMAC wasn't designed to
be used with non-random key values. You'd
--- begin forwarded text
Date: Tue, 14 Jun 2005 11:19:33 -0400
To: Philodox Clips List [EMAIL PROTECTED]
From: R.A. Hettinga [EMAIL PROTECTED]
Subject: [Clips] Visa Sets Antifraud-System Upgrade
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
I suppose I should also have note that the master key going into KDF2
would be derived with PBKDF2 from a password if this is a password
derived set of keys, to get the extra features of a salt and iterator
to slow down brute force.
Adam
On Tue, Jun 14, 2005 at 04:21:39AM -0400, Adam Back wrote: