[cryptography] authentication protocol proposal

Nico Williams nico at cryptonector.com
Wed Jul 17 18:09:18 EDT 2013

> Subject [cryptography] authentication protocol proposa

For authentication of what/whom, with what credentials, to what
target(s)?  Ah, users with passwords to some node with a password

On Wed, Jul 17, 2013 at 4:54 PM, Krisztián Pintér <pinterkr at gmail.com> wrote:
> hello,
> some benefits:

> [...]
> * any amount of data can be derived, and it is not costly (unlike PBKDF2)
> [...]

Well, so in general we want PBKDFs to be slow and require lots of RAM
as a defense against off-line password attacks on stolen password
verifiers.  Once you have a session key you should want to use a KDF,
not a PBKDF, because you need the KDF to be fast.


More information about the cryptography mailing list