[cryptography] embbeded pw kdf?

stef s at ctrlc.hu
Fri Aug 5 07:15:15 EDT 2016

On Fri, Aug 05, 2016 at 07:08:49AM -0400, Allen wrote:
> >
> > > > how would it be the best to derive a key from user input
> > >
> > > I think that depends on what you plan to do with the key, i.e., what it
> > > will be used for, and how it will be used
> >
> > how you mean? for encryption and signing i guess.
> >
> If only it were that simple.  If you have no idea what you are going to use
> the keys for and the attacks you need to resist, then it's unlikely you'll
> have a secure system.

this is a theoretical question. if we have IoTs, and people start doing simple
md5 for kdf, then that is very bad if anyone can bruteforce this passphrase,
independently of how the key is used later. i'm looking for a cryptographic
primitive that makes a key out of user input. like argon, like scrypt, like
bcrypt. you know, that kind of stuff.  without any context how the kdf derived
key is used later.

> Things that might matter: Is the data stored and if so where?  Is the data
> transmitted?  When and where is the data decrypted, and by whom?  How will
> you distribute the signature verification key and associate it with an
> identity?  Is there a requirement to escrow or recover the key(s) if the
> password can't be remembered?  Etc.

this goes well beyond the concept of a kdf i believe. also this is a generic
question, what cryptographic primitive exists for these restricted
environments in general. it will be necessary, and if there's none, expect to
have md5(password) all over the place.

otr fp: https://www.ctrlc.hu/~stef/otr.txt

More information about the cryptography mailing list