[17478] in cryptography@c2.net mail archive


Re: expanding a password into many keys

daemon@ATHENA.MIT.EDU ("Hal Finney")
Tue Jun 14 12:37:57 2005

X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
Date: Mon, 13 Jun 2005 20:27:16 -0700 (PDT)
From: hal@finney.org ("Hal Finney")

Ian Grigg wrote:
> I'd like to take a password and expand it into
> several keys.  It seems like a fairly simple operation
> of hashing the concatenation of the password
> with each key name in turn to get each key.

The recommended technique I've seen for this (I think David Wagner
suggested it on sci.crypt years ago) is to use a MAC:

key = MAC (password, keyname)

The security property of a MAC is that you can get as many messages MAC'd
as you want, and you won't be able to guess a MAC on any new messages.
That's exactly what you want here, that an attacker can learn keys when he
knows or chooses keynames, but be unable to guess any keys for any other
keynames.  It's a good fit to the security requirements for your problem.

Hal Finney

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
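
An added example, not part of the original post or the list archive: the key = MAC (password, keyname) construction next to the plain hash-of-concatenation from the quoted question. HMAC-SHA256 as the MAC, the function names, and the sample password and key names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
PASSWORD = b"correct horse battery staple"
KEYNAMES = ["encrypt", "authenticate", "storage"]


def derive_key(password, keyname):
    """key = MAC(password, keyname), using HMAC-SHA256 as the MAC (assumed)."""
    return hmac.new(password, keyname, hashlib.sha256).digest()


def naive_key(password, keyname):
    """Plain hash of password || keyname, as described in the quoted question."""
    return hashlib.sha256(password + keyname).digest()


def derive_all(password, keynames):
    """Derive one 32-byte key per key name from a single password."""
    return {name: derive_key(password, name.encode("utf-8")) for name in keynames}


def boundary_collision(fn):
    """True if fn returns the same key for two different (password, keyname)
    pairs whose byte concatenation happens to be identical."""
    return fn(b"hunter2", b"mac") == fn(b"hunter", b"2mac")


if __name__ == "__main__":
    for name, key in derive_all(PASSWORD, KEYNAMES).items():
        print(f"{name:13s} {key.hex()}")
    # Concatenation has no boundary between the two inputs, so the pairs collide.
    print("naive hash collides at boundary:", boundary_collision(naive_key))
    # HMAC takes the password as the key and the key name as the message,
    # so the two inputs stay separate.
    print("HMAC collides at boundary:      ", boundary_collision(derive_key))
```

HMAC does no stretching, so each derived key is only as hard to guess as the password itself.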
