[7352] in cryptography@c2.net mail archive
Re: Extracting Entropy?
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Mon Jun 19 22:46:26 2000
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@algroup.co.uk, coderpunks@toad.com, cryptography@c2.net
Reply-To: pgut001@cs.auckland.ac.nz
X-Charge-To: pgut001
Date: Tue, 20 Jun 2000 11:32:45 (NZST)
Message-ID: <96145756508347@kahu.cs.auckland.ac.nz>
Ben Laurie <ben@algroup.co.uk> writes:
>OK, so if I've got a passphrase of arbitrary length, and I wish to
>condense it to make a key of length n bits (n > 160), what's the
>approved method(s) of doing that?
PKCS #5 v2 probably contains the best key derivation mechanism, followed
closely by TLS, then SSL, eventually PGP iterated and salted S2K, and then you
sink into this kind of morass of cruft (PKCS #12, X9.42, CMP, other PGP
variants), and beyond that assorted ad-hoc methods (a single pass through
SHA-1, no salt). Everyone seems to find it necessary to reinvent their own key
derivation mechanism, so there's lots to choose from :-).
Peter.
