A Key derivation function (or KDF) is a cryptographic hash function which derives one or more secret keys from secret values and/or other known information. In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... A key is a piece of information that controls the operation of a cryptography algorithm. ...

Uses of KDFs

Key derivation functions are often used in conjunction with non-secret parameters to derive one or more keys from a common secret value. Such use may prevent an attacker who obtains a derived key from learning useful information about either the input secret value or any of the other derived keys. A KDF may also be used to ensure that derived keys have other desirable properties, such as avoiding "weak keys" in some specific encryption systems.

Key derivation functions are often used as components of multi-party key-agreement protocols. Examples of such key derivation functions include KDF1, defined in IEEE Std 1363-2000, and similar functions in ANSI X9.42. In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome. ... IEEE P1363 is an Institute of Electrical and Electronics Engineers (IEEE) standardization project for public key cryptography. ...

Key derivation functions are also used to derive keys from secret passwords or passphrases. A password is a form of secret authentication data that is used to control access to a resource. ... A passphrase is a sequence of words or other text used to control access to a computer system, program or data. ...

Password-based key derivation functions

Main article: Key strengthening

Key derivation functions are also used in applications to derive keys from secret passwords or passphrases, which typically do not have the desired properties to be used directly as cryptographic keys. In such applications, it is generally recommended that the key derivation function be made deliberately slow so as to frustrate brute-force attack or dictionary attack on the password or passphrase input value. In cryptography, key strengthening or key stretching refer to techniques used to make a weak key such as a password or passphrase stronger, i. ... In cryptanalysis, a brute force attack on a cipher is a brute-force search of the key space; that is, testing all possible keys, in an attempt to recover the plaintext used to produce a particular ciphertext. ... In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. ...

Such use may be expressed as DK = KDF(Key,Salt,Iterations) where DK is the derived key, KDF is the key derivation function, Key is the original key or password, Salt is a random number which acts as cryptographic salt, and Iterations refers to the number of iterations of a sub-function. The derived key is used instead of the original key or password as the key to the system. The values of the salt and the number of iterations (if it isn't fixed) are stored with the hashed password or sent as plaintext with an encrypted message. In computer science, a subroutine (function, method, procedure, or subprogram) is a portion of code within a larger program, which performs a specific task and is relatively independent of the remaining code. ... In cryptography, a salt consists of random bits used as one of the inputs to a key derivation function. ... The word iteration is sometimes used in everyday English with a meaning virtually identical to repetition. ...

The difficulty of a brute force attack increases with the number of iterations. A practical limit on the iteration count is the unwillingness of users to tolerate a perceptible delay in logging in to a computer or seeing a decrypted message. The use of salt prevents the attackers from precomputing a dictionary of derived keys. The EFFs US$250,000 DES cracking machine contained over 1,800 custom chips and could brute force a DES key in a matter of days — the photograph shows a DES Cracker circuit board fitted with several Deep Crack chips. ... In cryptography, a salt consists of random bits used as one of the inputs to a key derivation function. ...

The first deliberately-slow password-based key derivation function was called "crypt" (or "crypt(3)" after its man page), and was invented by Robert Morris in the 1980s to encrypt Unix passwords. While it was a great advance at the time, increases in processor speeds since the PDP-11 era have made brute-force attacks against crypt feasible, and advances in storage have rendered the 12-bit salt inadequate. The crypt function's design also limits the user password to 8 characters, which limits the keyspace and makes strong passphrases impossible. The man page on man Almost all substantial UNIX and Unix-like operating systems have extensive documentation known as man pages (short for manual pages). The Unix command used to display them is man. ... Robert Morris is an American cryptographer. ... Filiation of Unix and Unix-like systems Unix (officially trademarked as UNIX®) is a computer operating system originally developed in the 1960s and 1970s by a group of AT&T employees at Bell Labs including Ken Thompson, Dennis Ritchie and Douglas McIlroy. ... The PDP-11 was a 16-bit minicomputer sold by Digital Equipment Corp. ... The EFFs US$250,000 DES cracking machine contained over 1,800 custom chips and could brute force a DES key in a matter of days — the photograph shows a DES Cracker circuit board fitted with several Deep Crack chips. ... A passphrase is a sequence of words or other text used to control access to a computer system, program or data. ...

Modern password-based key derivation functions, such as PBKDF2 (specified in RFC 2898), use a cryptographic hash, such as MD5 or SHA1, more salt (e.g. 64 bits) and a high iteration count (often 1000 or more). There have been proposals to use algorithms that require large amounts of computer memory and other computing resources to make custom hardware attacks more difficult to mount. PBKDF2 (Password-Based Key Derivation Function) is a key derivation function that is part of RSA Laboratories Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2. ... In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. ... The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). ... The EFFs Deep Crack machine contained over 18,000 custom chips and could brute force a DES key in a matter of days — the photo shows a circuit board fitted with 32 custom attack chips In cryptography, a custom hardware attack uses specially designed electronic circuits to decipher encrypted...