[cryptography] embbeded pw kdf?

Allen allenpmd at gmail.com
Fri Aug 5 07:08:49 EDT 2016


>
> > > how would it be the best to derive a key from user input
> >
> > I think that depends on what you plan to do with the key, i.e., what it
> > will be used for, and how it will be used
>
> how you mean? for encryption and signing i guess.
>

If only it were that simple.  If you have no idea what you are going to use
the keys for and the attacks you need to resist, then it's unlikely you'll
have a secure system.  Things that might matter: Is the data stored and if
so where?  Is the data transmitted?  When and where is the data decrypted,
and by whom?  How will you distribute the signature verification key and
associate it with an identity?  Is there a requirement to escrow or recover
the key(s) if the password can't be remembered?  Etc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20160805/78d14c9f/attachment.html>


More information about the cryptography mailing list