On Wed, Sep 08, 2010 at 02:21:18PM -0700, Jon Callas wrote:
> Not really. PBKDF2 has the advantage that you can use any PRF in it. The most common PRF is some HMAC, which is a one-way function... one-wayness is a good thing.

That's my understanding of PBKDF2. But is there a reason to require the password as input to every round of iteration of a KDF?

IIRC, OpenBSD used to repeatedly iterate a OWF on the user's password for crypt(3). This only required the plaintext password for the first iteration; to increase the iteration count, I just OWF the stored value again - no user interaction required.

Somewhere in the evolution of KDFs between that and PBKDF2, the requirement was introduced and I'm not exactly sure if it is required for a certain security property, or whether it's something that could be eliminated by a potential successor KDF.

-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email [email protected] to get blacklisted.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
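
The structural difference the message asks about, as an added example that is not part of the original post: a plain iterated hash can be extended from the stored value alone, while PBKDF2 keys the PRF with the password in every round, so a stored PBKDF2 output cannot be advanced to a higher iteration count without it. The function names, SHA-256 as the hash, and the sample password and salt are assumptions made for illustration; this is not OpenBSD's crypt(3) code.

```python
import hashlib
import hmac

def iterated_hash(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Plain chain: h_1 = H(salt || password), h_i = H(h_{i-1})."""
    state = hashlib.sha256(salt + password).digest()
    for _ in range(rounds - 1):
        state = hashlib.sha256(state).digest()
    return state

def extend_chain(stored: bytes, extra_rounds: int) -> bytes:
    """Raise the iteration count of a stored chain value; no password needed."""
    for _ in range(extra_rounds):
        stored = hashlib.sha256(stored).digest()
    return stored

def pbkdf2_block1(password: bytes, salt: bytes, rounds: int) -> bytes:
    """First output block of PBKDF2-HMAC-SHA256 (RFC 8018), written out
    to show where the password enters each round."""
    # U_1 = PRF(password, salt || INT(1)); the password is the HMAC key.
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    t = u
    for _ in range(rounds - 1):
        # U_i = PRF(password, U_{i-1}); the password keys every round.
        u = hmac.new(password, u, hashlib.sha256).digest()
        # T = U_1 xor U_2 xor ... xor U_c; only T is stored, not U_c.
        t = bytes(a ^ b for a, b in zip(t, u))
    return t

if __name__ == "__main__":
    pw, salt = b"example-password", b"constructed-salt"  # constructed sample values

    # Chain: the stored 1000-round value becomes the 1500-round value offline.
    old = iterated_hash(pw, salt, 1000)
    print("chain extended without password:",
          extend_chain(old, 500) == iterated_hash(pw, salt, 1500))

    # PBKDF2: the hand-written loop matches the library, and going from
    # 1000 to 1500 rounds means recomputing from the password.
    print("matches hashlib.pbkdf2_hmac:",
          pbkdf2_block1(pw, salt, 1000)
          == hashlib.pbkdf2_hmac("sha256", pw, salt, 1000, 32))
```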
