By Topic

Design and Analysis of Password-Based Key Derivation Functions

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Yao, F.F. ; Dept. of Comput. Sci., City Univ. of Hong Kong, Kowloon, China ; Yin, Y.L.

A password-based key derivation function (KDF)—a function that derives cryptographic keys from a password—is necessary in many security applications. Like any password-based schemes, such KDFs are subject to key search attacks (often called dictionary attacks). Salt and iteration count are used in practice to significantly increase the workload of such attacks. These techniques have also been specified in widely adopted industry standards such as PKCS and IETF. Despite the importance and widespread usage, there has been no formal security analysis on existing constructions. In this correspondence, we propose a general security framework for password-based KDFs and introduce two security definitions each capturing a different attacking scenario. We study the most commonly used construction H^(c)(p,\Vert , s) and prove that the iteration count c , when fixed, does have an effect of stretching the password p by \log _2 c bits. We then analyze the two standardized KDFs in PKCS #5. We show that both are secure if the adversary cannot influence the parameters but subject to attacks otherwise. Finally, we propose a new password-based KDF that is provably secure even when the adversary has full control of the parameters.

Published in:

Information Theory, IEEE Transactions on  (Volume:51 ,  Issue: 9 )