Design and Analysis of Password-Based Key Derivation Functions

  • Conference paper
Topics in Cryptology – CT-RSA 2005 (CT-RSA 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3376)

Abstract

A password-based key derivation function (KDF) – a function that derives cryptographic keys from a password – is necessary in many security applications. Like any password-based scheme, such KDFs are subject to key search attacks (often called dictionary attacks). Salt and iteration count are used in practice to significantly increase the workload of such attacks. These techniques have also been specified in widely adopted industry standards such as PKCS and IETF. Despite their importance and widespread usage, there has been no formal security analysis of existing constructions. In this paper, we propose a general security framework for password-based KDFs and introduce two security definitions, each capturing a different attack scenario. We study the most commonly used construction H^(c)(p||s) and prove that the iteration count c, when fixed, does have the effect of stretching the password p by log_2 c bits. We then analyze the two standardized KDFs in PKCS#5. We show that both are secure if the adversary cannot influence the parameters but are subject to attacks otherwise. Finally, we propose a new password-based KDF that is provably secure even when the adversary has full control of the parameters.
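The construction H^(c)(p||s) and the log_2 c stretching result named in the abstract, as an added example that is not code from the paper. It assumes H^(c) means c-fold iteration of H starting from p||s, uses SHA-256 as a stand-in for H, and the helper names are hypothetical.

```python
import hashlib
import math


def iterated_kdf(password: bytes, salt: bytes, c: int,
                 hash_name: str = "sha256") -> bytes:
    """H^(c)(p||s): hash p||s once, then re-hash the digest c-1 more times.

    Assumption: this reading of H^(c) and the choice of SHA-256 are
    illustrative; the paper's own definition is not shown on this page.
    """
    if c < 1:
        raise ValueError("iteration count c must be >= 1")
    digest = hashlib.new(hash_name, password + salt).digest()
    for _ in range(c - 1):
        digest = hashlib.new(hash_name, digest).digest()
    return digest


def effective_bits(password_bits: float, c: int) -> float:
    """Key-search workload in bits for a fixed c: each password guess
    costs c hash calls, so the search costs 2^password_bits * c calls."""
    if c < 1:
        raise ValueError("iteration count c must be >= 1")
    return password_bits + math.log2(c)


def min_iterations(password_bits: float, target_bits: float) -> int:
    """Smallest fixed c with password_bits + log_2 c >= target_bits."""
    gap = target_bits - password_bits
    return 1 if gap <= 0 else math.ceil(2 ** gap)


if __name__ == "__main__":
    # Constructed sample inputs.
    pw, salt_a, salt_b = b"correct horse", b"\x01" * 8, b"\x02" * 8
    key_a = iterated_kdf(pw, salt_a, c=4096)
    key_b = iterated_kdf(pw, salt_b, c=4096)
    # Same password, different salts: unrelated keys, so work spent on one
    # salt cannot be reused against another.
    print(key_a.hex() != key_b.hex())
    # A 30-bit password with c = 4096 costs about 2^42 hash calls to search.
    print(effective_bits(30, 4096))
    # Iterations needed to lift a 30-bit password to a 50-bit workload.
    print(min_iterations(30, 50))
```

The stretch grows only logarithmically in c: every extra bit of workload doubles the legitimate user's derivation time as well.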

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yao, F.F., Yin, Y.L. (2005). Design and Analysis of Password-Based Key Derivation Functions. In: Menezes, A. (eds) Topics in Cryptology – CT-RSA 2005. CT-RSA 2005. Lecture Notes in Computer Science, vol 3376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30574-3_17

  • DOI: https://doi.org/10.1007/978-3-540-30574-3_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24399-1

  • Online ISBN: 978-3-540-30574-3

  • eBook Packages: Computer Science (R0)