[cryptography] authentication protocol proposal
hello, admittedly, i got a little bit hyped about Keccak, especially its versatility. so i thought why not devise an authenitcation / key stretching / key derivation / secure storage protocol that uses solely Keccak to achieve all of its goals? i put together a brief (5 page) document describing the protocol itself: https://docs.google.com/document/d/1kq6f3o-30ao7Dq4CGvBYL0SwzqdSNU0t4JN3r-7kdfk some benefits: * all operations can be identified with single (multiphase) Keccak operation * any amount of data can be derived, and it is not costly (unlike PBKDF2) * through a session key, data can be derived at a later time * uses only one crypto primitive * extremely simple * grants access to many kinds of primitives (prng, stream cipher, MAC) with the notable exception of a block cipher. * up to 127 character passwords with 128 bit salt * designed to be compatible with 3rd party Keccak libraries, though not with SHA-3 only libraries so if you got hyped about Keccak too, you might want to have a looksie. any feedback is appreciated. regs, Krisztián ps: references to Kerckhoff are not necessary. i know the drill. it is a discussion. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] authentication protocol proposal
Subject [cryptography] authentication protocol proposa For authentication of what/whom, with what credentials, to what target(s)? Ah, users with passwords to some node with a password verifier. On Wed, Jul 17, 2013 at 4:54 PM, Krisztián Pintér pinte...@gmail.com wrote: hello, some benefits: [...] * any amount of data can be derived, and it is not costly (unlike PBKDF2) [...] Well, so in general we want PBKDFs to be slow and require lots of RAM as a defense against off-line password attacks on stolen password verifiers. Once you have a session key you should want to use a KDF, not a PBKDF, because you need the KDF to be fast. Nico -- ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography