Key derivation

from Wikipedia, the free encyclopedia

Key derivation, performed by a key derivation function (KDF), is a cryptographic operation that generates one or more further keys from a cryptographic key.

Key extension procedures are an important subclass of key derivation procedures.

Use of key derivation functions

Key derivation functions are often used in conjunction with non-secret parameters to derive one or more keys from a secret value. Such use can prevent an attacker who obtains a derived key from obtaining useful information about the original key value or any of the other derived keys.

Key derivation functions can also be used to ensure that the derived keys have other desirable properties, such as avoiding weak keys in some encryption systems.

The most common use of key derivation functions is password hashing for password verification. Key derivation functions have the properties desired of a password hash function, even though they were not originally intended for this purpose.

Key derivation functions are also used to derive cryptographic keys from secret passwords or passphrases, which typically do not have the properties desired of cryptographic keys. This is called key stretching. In such applications, it is recommended that the key derivation function be intentionally slow in order to counter a dictionary attack or a brute-force attack on the password or passphrase.
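The two uses described above, combined in one added example (not part of the original article): a passphrase is stretched into a master key, and independent subkeys are then derived from it with non-secret labels. The choice of PBKDF2-HMAC-SHA256 and HKDF (RFC 5869), the iteration count, the labels and all function names are assumptions of this example; the article names no specific algorithm.

```python
import hashlib
import hmac
import os

HASH_LEN = hashlib.sha256().digest_size


def stretch_password(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Key stretching: PBKDF2-HMAC-SHA256, slow on purpose.
    The default iteration count is an assumption; tune it to your hardware."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): 'info' is the non-secret, per-purpose parameter."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF cannot produce more than 255 hash blocks")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_subkeys(master: bytes, labels, length: int = 32) -> dict:
    """One secret in, one independent key out per non-secret label."""
    prk = hkdf_extract(b"", master)
    return {label: hkdf_expand(prk, label.encode("utf-8"), length) for label in labels}


def verify_password(candidate: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Password verification: recompute and compare in constant time."""
    return hmac.compare_digest(stretch_password(candidate, salt, iterations), stored)


if __name__ == "__main__":
    salt = os.urandom(16)  # non-secret, stored next to the verifier
    password = "correct horse battery staple"  # constructed sample input
    master = stretch_password(password, salt)
    for label, key in derive_subkeys(master, ["encryption", "authentication"]).items():
        print(f"{label:15s} {key.hex()}")
```

If the same passphrase must both unlock keys and be verified at login, store a subkey derived under its own label as the verifier rather than the stretched master value itself.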
