PBKDF2/RFC2898/PKCS#5 modes?
#1
As a less immediate, longer-term project, I'd like to request generic PBKDF2 (also known as RFC2898 and PKCS#5) support, in whichever applications can reasonably support it. For hash algorithms, I'd say SHA1, SHA256, and SHA512 are the top three in use (with SHA1 winning by a large margin). As we already have WPA support (which I believe is, for the PMK derivation, PBKDF2(passphrase, ssid, 4096, 256[bits])), the algorithm structure has already been coded.

Note that one new feature for the general case would be pulling in either four or five parameters, instead of our previous 1 or 2:
1 - Passphrase
2 - Salt
3 - Number of iterations
4 - Length in bits or bytes of the derived key (output)
5 - HMAC to be used

Anyone crafting a modern, well-secured password storage system is likely using PBKDF2, scrypt, or bcrypt (per https://www.owasp.org/index.php/Password...heat_Sheet). These systems need to be audited just like any other system, to see who chose "P@$$w0rd123" as their password.

Microsoft's .NET implementation is SHA1 only (http://msdn.microsoft.com/en-us/library/...bytes.aspx).

BouncyCastle has both .NET and Java implementations, handling more HMAC choices (http://www.bouncycastle.org/).

Perl has Crypt::PBKDF2 (http://search.cpan.org/~arodland/Crypt-P.../PBKDF2.pm), which handles more HMAC choices.

Very official PBKDF2 HMAC-SHA1 test vectors are in RFC6070 (http://tools.ietf.org/html/rfc6070).
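An added example, not part of the original post and not code from any tool discussed in this thread: a generic PBKDF2 in Python that takes the five parameters listed above, checked against the RFC 6070 HMAC-SHA1 vectors and against `hashlib.pbkdf2_hmac` for SHA256 and SHA512. The function names, the salt and the SSID are constructed for illustration; the WPA helper uses the parameters quoted in the post with HMAC-SHA1.

```python
import hashlib
import hmac

def pbkdf2(passphrase: bytes, salt: bytes, iterations: int, dklen: int, hash_name: str) -> bytes:
    """PBKDF2 (RFC 2898 section 5.2) over HMAC-<hash_name>; dklen is in bytes."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    keyed = hmac.new(passphrase, digestmod=hash_name)  # key the HMAC once
    hlen = keyed.digest_size
    if dklen > (2**32 - 1) * hlen:
        raise ValueError("derived key too long")

    def prf(data: bytes) -> bytes:
        h = keyed.copy()
        h.update(data)
        return h.digest()

    out = b""
    for i in range(1, -(-dklen // hlen) + 1):  # ceil(dklen / hlen) blocks
        u = prf(salt + i.to_bytes(4, "big"))  # U_1 = PRF(P, S || INT(i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):  # U_j = PRF(P, U_{j-1}); T_i = XOR of all U_j
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]

# RFC 6070 PBKDF2-HMAC-SHA1 vectors (the 16,777,216-iteration one is omitted for run time).
RFC6070_SHA1 = [
    (b"password", b"salt", 1, 20, "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (b"password", b"salt", 2, 20, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    (b"password", b"salt", 4096, 20, "4b007901b765489abead49d926f721d065a429c1"),
    (b"passwordPASSWORDpassword", b"saltSALTsaltSALTsaltSALTsaltSALTsalt", 4096, 25,
     "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
]

def check_rfc6070() -> bool:
    return all(pbkdf2(p, s, c, n, "sha1").hex() == dk for p, s, c, n, dk in RFC6070_SHA1)

def check_against_stdlib() -> bool:
    # Constructed inputs; dklen 100 forces multiple output blocks for every hash.
    return all(pbkdf2(b"P@$$w0rd123", b"constructed-salt", 1000, 100, h)
               == hashlib.pbkdf2_hmac(h, b"P@$$w0rd123", b"constructed-salt", 1000, 100)
               for h in ("sha1", "sha256", "sha512"))

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # PBKDF2(passphrase, ssid, 4096, 256 bits) as quoted in the post; WPA uses HMAC-SHA1.
    return pbkdf2(passphrase.encode(), ssid.encode(), 4096, 32, "sha1")

if __name__ == "__main__":
    print(check_rfc6070(), check_against_stdlib(), wpa_pmk("P@$$w0rd123", "constructed-ssid").hex())
```

Note that `dklen` here is in bytes, so the 256-bit WPA output is passed as 32; mixing up bits and bytes is the usual interoperability mistake with the fourth parameter.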


Messages In This Thread
PBKDF2/RFC2898/PKCS#5 modes? - by Incisive - 08-22-2012, 06:28 PM
RE: PBKDF2/RFC2898/PKCS#5 modes? - by atom - 08-22-2012, 07:11 PM
RE: PBKDF2/RFC2898/PKCS#5 modes? - by Incisive - 08-27-2012, 10:45 PM
RE: PBKDF2/RFC2898/PKCS#5 modes? - by thorsheim - 08-27-2012, 11:13 PM