Jump to content

PBKDF2

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 80.198.13.54 (talk) at 07:58, 17 January 2007 (→‎Systems that use PBKDF2). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

PBKDF2 (Password-Based Key Derivation Function) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce derived keys up to 160 bits long.

PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times (1000 is a recommended minimum) to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key strengthening. Having a salt added to the password reduces the ability to use a preset dictionary to attack a password. The iterations increase the work that must be done on the attacker's side to build a brute force attack. If the salt is changed, the entire attack dictionary has to be rebuilt.

Systems that use PBKDF2

Retrieved from "https://en.wikipedia.org/w/index.php?title=PBKDF2&oldid=101285916"