[cryptography] is there an iteration-incremental version of PBKDF2?

travis+ml-rbcryptography at subspacefield.org
Wed Sep 8 18:06:08 EDT 2010


On Wed, Sep 08, 2010 at 02:21:18PM -0700, Jon Callas wrote:
> Not really. PBKDF2 has the advantage that you can use any PRF in
> it. The most common PRF is some HMAC, which is a one-way
> function... one-wayness is a good thing.

That's my understanding of PBKDF2.  But is there a reason to require
the password as input to every round of iteration of a KDF?

IIRC, OpenBSD used to repeatedly iterate a OWF on the user's password
for crypt(3).  This only required the plaintext password for the first
iteration; to increase the iteration count, I just OWF the stored
value again - no user interaction required.

Somewhere in the evolution of KDFs between that and PBKDF2, the
requirement was introduced and I'm not exactly sure if it is required
for a certain security property, or whether it's something that could
be eliminated by a potential successor KDF.
-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
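
Added example, not part of the original message or of any project's code: a generic salted iterated SHA-256 (standing in for the iterate-a-OWF scheme the message describes, not OpenBSD's actual crypt(3)) beside PBKDF2-HMAC-SHA256 written out round by round. The function names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

PASSWORD = b"constructed-password"  # constructed sample values
SALT = b"constructed-salt"

def iterated_hash(value: bytes, salt: bytes, rounds: int) -> bytes:
    """Generic iterated OWF: the password is only the input to round 1."""
    for _ in range(rounds):
        value = hashlib.sha256(salt + value).digest()
    return value

def pbkdf2_start(password: bytes, salt: bytes):
    """Round 1 of PBKDF2-HMAC-SHA256, block 1: U_1 = HMAC(P, S || INT(1))."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    return u, u  # (T, U)

def pbkdf2_more(password: bytes, t: bytes, u: bytes, rounds: int):
    """Run further rounds: U_i = HMAC(P, U_{i-1}), T ^= U_i.
    The password keys the HMAC in every round."""
    for _ in range(rounds):
        u = hmac.new(password, u, hashlib.sha256).digest()
        t = bytes(a ^ b for a, b in zip(t, u))
    return t, u

def upgrade_iterated(stored: bytes, salt: bytes, extra: int) -> bytes:
    """Raise the work factor of an iterated-hash record without the password."""
    return iterated_hash(stored, salt, extra)

def demo():
    # Iterated hash: 1000 rounds now, 500 more later from the stored value alone.
    stored = iterated_hash(PASSWORD, SALT, 1000)
    ok_iter = upgrade_iterated(stored, SALT, 500) == iterated_hash(PASSWORD, SALT, 1500)

    # PBKDF2: continuing needs the password (HMAC key) and U_1000, but a
    # verifier stores only T_1000, the XOR of all U_i.
    t, u = pbkdf2_more(PASSWORD, *pbkdf2_start(PASSWORD, SALT), 999)
    ok_1000 = t == hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, 1000)
    t2, _ = pbkdf2_more(PASSWORD, t, u, 500)
    ok_1500 = t2 == hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, 1500)
    return ok_iter, ok_1000, ok_1500

if __name__ == "__main__":
    print(demo())
```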