[cryptography] is there an interation-incremental version of PBKDF2?

travis+ml-rbcryptography at subspacefield.org travis+ml-rbcryptography at subspacefield.org
Tue Sep 14 21:24:30 EDT 2010


Thanks for the in-depth reply Chris.

Sometimes we are not in a position to solve systemic problems; our
boss comes to us and says, "hey, what should we use for the passwords,
knowing that we'll never be able to get all our users to log in
again?"  And it gets you thinking.  Sure, there may be other weak
points that could be addressed by someone with a bigger scope and
responsibility, but sometimes you just try to come up with the best
solution you can for your little niche, so that it's not the weakest
link (not just now, but until it is replaced - which I generally want
to be as far in the future as is feasible).

It seems there are a few technical answers:

0) Use an invertible function.  Not really a solution IMHO.

1) Use a really big hash and deal with state reduction caused by the
   fact that it is a random function, and thus not likely to be
   injective (one-to-one).

2) Use a one-way permutation instead of a one-way random function
   as the center of your PBKDF2-style thingamabob.

   Really all you need is for it to be injective, but if it's not
   surjective (onto), you end up with bigger outputs than inputs, so
   it seems reasonable to make it length-preserving (bijective).

I see lots of theory on OWPs but not much practical stuff - with the
exception of most PK relying on OWPs (namely, generators).  I wonder
if there are more efficient non-trapdoor OWPs.  Technically, having it
take a bit in the forward direction could be okay, as long as it's not
vastly too long for the application, and inverting isn't feasible,
since the whole point of using the thingamabob in the first place is
to slow down brute force attacks.
-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20100914/967d419d/attachment.asc>


More information about the cryptography mailing list