PBKDF2

from Wikipedia, the free encyclopedia

PBKDF2 (Password-Based Key Derivation Function 2) is a standardized function for deriving, from a password, a key that can be used in a symmetric cryptographic scheme. PBKDF2 is part of the Public-Key Cryptography Standards of RSA Laboratories (PKCS #5), was also published by the Internet Engineering Task Force as RFC 2898 in September 2000, and was officially recommended by the National Institute of Standards and Technology (NIST) in December 2010. The standard has since been revised and published as RFC 8018 in January 2017.

PBKDF2 is used not only to generate keys for subsequent symmetric encryption, but often also for password-based authentication.

“It is expected that the password-based key derivation functions may find other applications than just the encryption and message authentication schemes defined here. [...] Another application is password checking, where the output of the key derivation function is stored (along with the salt and iteration count) for the purposes of subsequent verification of a password.”

- PKCS #5: Password-Based Cryptography Specification Version 2.0

The derivation

A pseudo-random function, such as a cryptographic hash function or an HMAC, is applied to the password together with a salt value. The function is then applied repeatedly to the result. This chaining makes it more difficult to recover the original password from the key by brute force. The salt also makes the use of rainbow tables very difficult. By increasing the number of iterations, the function can be adapted to the increasing performance of computers.
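The following is an added example, not part of the original article: the derivation written out with HMAC as the pseudo-random function, together with the password-checking use described above, where the salt and iteration count are stored next to the derived key. The function names and `DEMO_ITERATIONS` are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

DEMO_ITERATIONS = 10_000  # constructed demo value, not a recommendation from the article

def pbkdf2(prf, password, salt, iterations, dklen):
    """Derive dklen bytes from password and salt, using HMAC-<prf> as the pseudo-random function."""
    hlen = hashlib.new(prf).digest_size
    out = b""
    for i in range(1, -(-dklen // hlen) + 1):          # ceil(dklen / hlen) output blocks
        # First pass: PRF over the salt followed by the 32-bit big-endian block index.
        u = hmac.new(password, salt + i.to_bytes(4, "big"), prf).digest()
        t = int.from_bytes(u, "big")
        # Remaining passes: the PRF is re-applied to its own output; all outputs are XORed.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, prf).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]

def hash_password(password, iterations=DEMO_ITERATIONS):
    """Return the record to store: (salt, iteration count, derived key)."""
    salt = os.urandom(16)                               # fresh random salt per password
    return salt, iterations, pbkdf2("sha256", password.encode(), salt, iterations, 32)

def verify_password(password, record):
    """Recompute the key from the stored salt and count; compare in constant time."""
    salt, iterations, stored = record
    candidate = pbkdf2("sha256", password.encode(), salt, iterations, len(stored))
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed sample password
    print(verify_password("correct horse battery staple", record))
    print(verify_password("Tr0ub4dor&3", record))
    # Cross-check against the standard library's implementation.
    print(pbkdf2("sha256", b"pw", b"salt", 1000, 40)
          == hashlib.pbkdf2_hmac("sha256", b"pw", b"salt", 1000, 40))
```

In production code, `hashlib.pbkdf2_hmac` computes the same result far faster than this pure-Python loop; because the iteration count is stored in each record, it can be raised for new passwords without invalidating old ones.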

Applications of PBKDF2

Criticism and alternatives

PBKDF2 is considered to be vulnerable to attacks with special hardware such as graphics processors (GPU), field-programmable gate arrays (FPGA) and application-specific integrated circuits (ASIC). Due to the low memory requirement, the function can be implemented inexpensively in such hardware, and dictionary or brute-force attacks can be carried out in parallel. This weakness also applies to bcrypt, albeit less dramatically because of its moderate memory requirements. A key derivation function that is also intended to protect against attacks with special hardware is scrypt, which was published as an Internet draft; a more recent one is Argon2.
