Password-Based
Click on the red underlined text to get to the source
...
This document provides recommendations for the implementation of
password-based cryptography, covering the following aspects:
...
... attacks.
A general approach to password-based cryptography, as described by
Morris and Thompson [8 ...
... passwords separately for each salt.
Another approach to password-based cryptography is to construct key
derivation techniques that are relatively expensive, thereby
...
... key, but will be a significant burden for opponents.
Salt and iteration count formed the basis for password-based
encryption in PKCS #5 v1.5, and adopted here as well for the various
...
... encryption in PKCS #5 v1.5, and adopted here as well for the various
cryptographic operations. Thus, password-based key derivation as
defined here is a function of a password ...
... count, where the latter two quantities need not be kept secret.
From a password-based key derivation function, it is straightforward
to define password-based ...
... password-based key derivation function, it is straightforward
to define password-based encryption and message authentication
schemes. As in PKCS #5 v1.5, the password-based ...
... password-based encryption and message authentication
schemes. As in PKCS #5 v1.5, the password-based encryption schemes
here are based on an underlying, conventional encryption ...
... where the key for the conventional scheme is derived from the
password. Similarly, the password-based message authentication scheme
is based on an underlying conventional scheme. This two-layered
...
... message authentication scheme
is based on an underlying conventional scheme. This two-layered
approach makes the password-based techniques modular in terms of the
underlying techniques they can be based on.
...
... underlying techniques they can be based on.
It is expected that the password-based key derivation functions may
find other applications than just the encryption ...
...
A salt in password-based cryptography has traditionally served the
purpose of producing a large set of keys corresponding to a given
...
... password. An opponent is
thus limited to searching for passwords after a password-based
operation has been performed and the salt is known.
...
... authentication techniques.
In password-based encryption, the party encrypting a message can gain
...
... message authentication
code, however, cannot be sure that a salt supplied by another party
has actually been generated at random. It is possible, for instance,
that the salt may have been copied from another password-based
operation, in an attempt to exploit interactions between multiple
uses of the same key. For instance, suppose two legitimate parties
...
... random number generator or pseudorandom generator is not
available, a deterministic alternative for generating the salt (or
the random part of it) is to apply a password-based key derivation
function to the password ...
... derived key from a base key and
other parameters. In a password-based key derivation function, the
base key ...
... an iteration count, as outlined in Section 3.
The primary application of the password-based key derivation
functions defined here is in the encryption ...
... decryption operation recovers the message from the ciphertext under
the same key. In a password-based encryption scheme, the key is a
password ...
... password.
A typical application of a password-based encryption scheme is a
private-key protection ...
... MAC
verification operation verifies the message authentication code under
the same key. In a password-based message authentication scheme, the
key is a password ...
... password for
different uses to minimize the possibility of unintended
interactions. For password-based encryption with a single algorithm,
...
...
This section gives several examples of underlying functions and
schemes supporting the password-based schemes in Sections 5, 6 and 7.
While these supporting techniques are appropriate for applications to
...
... (The 160-bit limitation should not generally pose a practical
limitation in the case of password-based cryptography, since the
search ...
... the PBMAC1 message authentication scheme, and independent
password-based key derivation functions. This version continues to
...
... S.M. Bellovin and M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proceedings of the 1992 IEEE Computer Society Conference on Research in Security ...