Portal de Periódicos da CAPES

On The Security of Key Derivation Functions

2004; Springer Science+Business Media; Linguagem: Inglês

10.1007/978-3-540-30144-8_12

1611-3349

Carlisle Adams, Guenther Kramer, Serge Mister, Robert Zuccherato,

User Authentication and Security Systems

Key derivation functions are commonly used within many cryptographic schemes in order to distribute the entropy contained in an uneven way in a long stream of bits into a string that can be used directly as a symmetric key or as a seed for a pseudo-random number generator, or to convert short strings such as passwords into symmetric keys. This paper examines the common key derivation function constructions and shows that most of these have some concerning properties. In some situations, the use of these key derivation functions may actually limit the security that would otherwise be obtained. A new construction is also provided which seems to have better properties and an intuitive justification for its security is given.