[17473] in cryptography@c2.net mail archive
Re: expanding a password into many keys
daemon@ATHENA.MIT.EDU (Ondrej Mikle)
Mon Jun 13 18:52:17 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 13 Jun 2005 23:36:54 +0200
From: Ondrej Mikle <ondrej.mikle@gmail.com>
Reply-To: Ondrej Mikle <ondrej.mikle@gmail.com>
To: Ian G <iang@systemics.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <200506121627.38828.iang@systemics.com>
On 6/12/05, Ian G <iang@systemics.com> wrote:
> I'd like to take a password and expand it into
> several keys. It seems like a fairly simple operation
> of hashing the concatonatonation of the password
> with each key name in turn to get each key.
>=20
> Are there any 'gotchas' with that?
>=20
> iang
>=20
I guess you should use some scheme like PKCS #5 PBKDF2 scheme
(password based key derivation function). The only difference between
your idea and PBKDF2 is that the latter does a lot of hash rounds and
is salted (I guess you pick key name to be static and not random, so
they are not used as salts).
Salting helps a bit against static precomputed hashes and techniques
like rainbow tables.
Ondrej Mikle
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
