[17475] in cryptography@c2.net mail archive
Re: expanding a password into many keys
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Mon Jun 13 20:32:02 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 13 Jun 2005 18:16:47 -0600
From: Anne & Lynn Wheeler <lynn@garlic.com>
To: Ian G <iang@systemics.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <200506121627.38828.iang@systemics.com>
Ian G wrote:
> I'd like to take a password and expand it into
> several keys. It seems like a fairly simple operation
> of hashing the concatonatonation of the password
> with each key name in turn to get each key.
there is financial standard for derived key per transaction
from x9f taxonomy and glossary
http://www.garlic.com/~lynn/x9f.htm
derived unique key per transaction (DUKPT)
A key management method which uses a unique key for each
transaction, and prevents the disclosure of any past key used by the
transaction originating TRSM. The unique Transaction Keys are derived
from a base derivation key using only non-secret data transmitted as
part of each transaction. [X924] (see also cryptographic key, transaction)
........
basically you may be able to brute force an individual key w/o
comprimising the "master key" (or any other keys derived from the master
key).
derived keys are used in other infrastructures beside financial
transactions. some token based systems may simply use derived key per
token (as opposed to per transaction) ... brute force of a particular
token's key doesn't compromise either the overall infrastructure and/or
other tokens in the infrastructure.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
