[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography-randombit
Subject: Re: [cryptography] any reason PBKDF2 shouldn't be used for storing hashed passwords?
From: Ben Laurie <ben () links ! org>
Date: 2012-08-16 12:25:04
Message-ID: CAG5KPzww9P3Gjc7RjDPwf9iidH41dFZO7vaF4okFUrnE1jdNXA () mail ! gmail ! com
[Download RAW message or body]
On Thu, Aug 16, 2012 at 1:30 AM, Patrick Mylund Nielsen
<cryptography@patrickmylund.com> wrote:
> One curious note is that NIST recommends PBKDF2 for master key derivation,
> and specifically write, "The MK [PBKDF2 output] shall not be used for other
> purposes." Perhaps the document was meant to document just KDFs. Since the
> hashes are one-way anyway, I don't see it making a difference for use as
> "password digests."
Just being cautious, I guess. I'm sure there are stupid ways to use
the MK and they are presumably hard to list.
Anyway, if you want to conform, encrypt a bunch of zeroes using the MK
and then use decryption to check correctness of password...
>
>
> On Thu, Aug 16, 2012 at 2:15 AM, Jon Callas <jon@callas.org> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> On Aug 15, 2012, at 4:50 PM, travis+ml-rbcryptography@subspacefield.org
>> wrote:
>>
>> > * PGP Signed by an unknown key
>> >
>> > Any reason PBKDF2 shouldn't be used for (storing) hashed passwords?
>> >
>>
>> My recommendation is that you should use it. It's even got a NIST
>> document, now:
>>
>> http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
>>
>> To be the most rigorous, use PBKDF2-HMAC-SHA[12]. It doesn't matter a lot
>> which hash function you're using if you're doing the HMAC version. The major
>> difference will be the number of iterations. SHA2 is slower than SHA1, so
>> you'll use fewer iterations. SHA512 is faster on a 64-bit processor than
>> SHA256, which puts a small wrench in things.
>>
>> Use lots of iterations. Calibrate them against real time -- enough for
>> 100ms or more, for example, rather than a fixed count. If you're worried,
>> then add more iterations.
>>
>> Jon
>>
>>
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: PGP Universal 3.2.0 (Build 1672)
>> Charset: us-ascii
>>
>> wj8DBQFQLDuusTedWZOD3gYRAt0+AKC0jAKZS40IDBdYelX19y5pQ6zS5gCgpYhI
>> dYokIg8zciE7iY5NrXVWkwc=
>> =pSLW
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> cryptography mailing list
>> cryptography@randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic