Questions tagged [pbkdf2]

PBKDF2 is a key derivation and strengthening function, commonly used for password storage.

PBKDF2 is a key derivation and strengthening function. It is defined by PKCS#5 and RFC 2898.

PBKDF2 applies many rounds of a pseudorandom function (typically a ) together with a salt value to make it hard to precompute values or parallelize computations. It is commonly used to store passwords.

Alternatives include and .

174 questions
11 votes, 2 answers

How to know which output length to request from PBKDF2?

I feel like I'm asking a fairly obvious question here, but with it being so easy to make mistakes in this space, here goes. From Wikipedia: DK = PBKDF2(PRF, Password, Salt, c, dkLen); dkLen is the desired length of the derived key. How do I decide…
user50849
2 votes, 3 answers

PBKDF2 used to generate an encryption key: long shared secret (password) vs iterations count

I want to use pbkdf2 to generate a key for a symmetric encryption (DES, 3DES, maybe AES) algorithm, that will be used to secure private data between an AS/400 and another computer (probably running Windows). I've been "porting" the pbkdf2 c source…
ggo
2 votes, 1 answer

How can I calculate the entropy reduction in my system I'm going to introduce?

I am the creator of LessPass, a deterministic password generator. The core of LessPass is not very complicated. I have 2 methods, calc_entropy and render_password: calc_entropy transforms the master password + site + login into a very large integer…
Guillaume Vincent
1 vote, 1 answer

Use Public/Private key pair for password authentication

Is it safe to generate a public/private key pair from a user's password using PBKDF2, and send the public key to the server to store as the user's key? Then when the user logs in, it would again generate the private key from the password, and use…
Arlen Beiler