Re: expanding a password into many keys

2005-06-15 Thread John Kelsey
From: Greg Rose [EMAIL PROTECTED] Sent: Jun 14, 2005 2:54 PM To: EKR [EMAIL PROTECTED] Cc: Ian G [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: expanding a password into many keys ... You know, the proof that HMAC is a good MAC requires that the *compression function* of the underlying

Re: expanding a password into many keys

2005-06-14 Thread Hal Finney
Ian Grigg wrote: I'd like to take a password and expand it into several keys. It seems like a fairly simple operation of hashing the concatenation of the password with each key name in turn to get each key. The recommended technique I've seen for this (I think David Wagner suggested it

Re: expanding a password into many keys

2005-06-14 Thread Anne Lynn Wheeler
Hal Finney wrote: The recommended technique I've seen for this (I think David Wagner suggested it on sci.crypt years ago) is to use a MAC: key = MAC (password, keyname) The security property of a MAC is that you can get as many messages MAC'd as you want, and you won't be able to guess a

Re: expanding a password into many keys

2005-06-14 Thread Eric Rescorla
Ian G [EMAIL PROTECTED] writes: I'd like to take a password and expand it into several keys. It seems like a fairly simple operation of hashing the concatenation of the password with each key name in turn to get each key. Are there any 'gotchas' with that? iang PS: some pseudo code

Re: expanding a password into many keys

2005-06-14 Thread Greg Rose
At 10:34 2005-06-14 -0700, Eric Rescorla wrote: Hash-based constructions are the standard here, but I'm generally leery of using a pure hash. Probably the best basic function is to use HMAC(P,L_i) or perhaps HMAC(H(P),L_i), since HMAC wasn't designed to be used with non-random key values. You'd

Re: use KDF2 / IEEE1363a (Re: expanding a password into many keys)

2005-06-14 Thread Adam Back
I suppose I should also have noted that the master key going into KDF2 would be derived with PBKDF2 from a password if this is a password-derived set of keys, to get the extra features of a salt and iterator to slow down brute force. Adam On Tue, Jun 14, 2005 at 04:21:39AM -0400, Adam Back wrote:

Re: expanding a password into many keys

2005-06-13 Thread John Kelsey
From: Ian G [EMAIL PROTECTED] Sent: Jun 12, 2005 11:27 AM To: cryptography@metzdowd.com Subject: expanding a password into many keys I'd like to take a password and expand it into several keys. It seems like a fairly simple operation of hashing the concatenation of the password with each key

Re: expanding a password into many keys

2005-06-13 Thread Ondrej Mikle
On 6/12/05, Ian G [EMAIL PROTECTED] wrote: I'd like to take a password and expand it into several keys. It seems like a fairly simple operation of hashing the concatenation of the password with each key name in turn to get each key. Are there any 'gotchas' with that? iang I guess

Re: expanding a password into many keys

2005-06-13 Thread Ed Gerck
Ian, You need to go beyond the scope of simple-minded PKCS recommendations to calculate keys from passwords. If you want to improve security, just adding padding and salt is not enough. Yes, of course, your code should add padding, so that the sha1 argument always has the same, fixed, length

Re: expanding a password into many keys

2005-06-13 Thread Anne Lynn Wheeler
Ian G wrote: I'd like to take a password and expand it into several keys. It seems like a fairly simple operation of hashing the concatenation of the password with each key name in turn to get each key. there is a financial standard for derived key per transaction from x9f taxonomy and