[cryptography] good key stretching practice?

Kevin kevinsisco61784 at gmail.com
Sat Dec 28 22:10:29 EST 2013


On 12/28/2013 6:02 PM, Jeffrey Goldberg wrote:
> On Dec 28, 2013, at 2:01 PM, Kevin <kevinsisco61784 at gmail.com> wrote:
>
>> Hello list.  What is the best key stretching method that can be used?
> Best for what?
>
> If you are trying to stretch from a password to a key and wish to add some resistance to password cracking then currently your “mainstream” choices are scrypt, PBKDF2, and bcrypt. None of those are perfect, but each will do. PBKDF2 is the best established, but it is also the most quirky. If you want to play at the bleeding edge of this, you can look what has been proposed as part of the Password Hashing Competition.
>
>    https://password-hashing.net
>
> If you don’t need a “slow” hash, then perhaps something like HKDF is right for your particular needs.
>
>    http://tools.ietf.org/html/rfc5869
>
> But without having a better sense of what you are trying to achieve, nobody can be confident that they are recommending the right thing to you.
>
> Cheers,
>
> -j
>
That link actually helped me.  Thanks.


-- 
Kevin



More information about the cryptography mailing list