Jump to content

PBKDF2: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
switch to built-in RFC linking
Line 6: Line 6:
*[[Wi-Fi Protected Access]] (WPA) used to secure [[Wi-Fi]] wireless networks
*[[Wi-Fi Protected Access]] (WPA) used to secure [[Wi-Fi]] wireless networks
*Apple Computer's [[FileVault]], a disk encryption system in [[Mac OS X]] [http://crypto.nsa.org/vilefault/23C3-VileFault.pdf]
*Apple Computer's [[FileVault]], a disk encryption system in [[Mac OS X]] [http://crypto.nsa.org/vilefault/23C3-VileFault.pdf]
*Microsoft Windows Data Protection API (DPAPI) [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp]


== External links==
== External links==

Revision as of 07:58, 17 January 2007

PBKDF2 (Password-Based Key Derivation Function) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce derived keys up to 160 bits long.

PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times (1000 is a recommended minimum) to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key strengthening. Having a salt added to the password reduces the ability to use a preset dictionary to attack a password. The iterations increase the work that must be done on the attacker's side to build a brute force attack. If the salt is changed, the entire attack dictionary has to be rebuilt.

Systems that use PBKDF2

Retrieved from "https://en.wikipedia.org/w/index.php?title=PBKDF2&oldid=101285916"