[147649] in cryptography@c2.net mail archive
Re: [Cryptography] Key stretching
daemon@ATHENA.MIT.EDU (William Allen Simpson)
Sat Oct 12 02:22:38 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 11 Oct 2013 23:55:12 -0400
From: William Allen Simpson <william.allen.simpson@gmail.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com,
hallam@gmail.com
In-Reply-To: <E1VUmER-0001Lu-Fd@login01.fos.auckland.ac.nz>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/11/13 7:34 PM, Peter Gutmann wrote:
> Phillip Hallam-Baker <hallam@gmail.com> writes:
>
>> Quick question, anyone got a good scheme for key stretching?
>
> http://lmgtfy.com/?q=hkdf&l=1
>
Yeah, that's a weaker simplification of the method I've always
advocated, stopping the hash function before the final
MD-strengthing and repeating the input, only doing the
MD-strengthening for the last step for each key. I used this in
many of my specifications.
In essence, the MD-strengthening counter is the same as the 0xnn
counter they used, although longer and stronger.
This assures there are no releated key attacks, as the internal
chaining variables aren't exposed.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
