RSA Laboratories’ PKCS Series - a Tutorial


RSA Laboratories’ PKCS Series - a Tutorial Magnus Nyström, October, 1999

Password-Based Cryptography Standard
- Recommendations for the implementation of password-based cryptography, covering:
  - key establishment
  - encryption schemes
  - message-authentication schemes
  - ASN.1 syntax identifying the techniques
- Generally oriented towards protection of private keys
- No guidelines for selection of passwords

Background
- Cryptography with a password ...
  - identification, key establishment
  - encryption
  - message authentication
- … has some peculiar problems:
  - passwords are not conventional keys
  - nor are they very “random”

General Model
- Password-based key derivation: key = PBKDF(password, salt, iterations)
- A salt serves to produce many keys from a given password (thwarting dictionary attacks)
- But it does not protect against an attacker able to choose the salt
- Iterations increase the cost for an attacker having to try many passwords

Key Derivation Functions
- PBKDF1 - Password-based key derivation function #1
  - The “original” PBKDF
  - Can’t generate keys longer than 20 bytes
  - DK || IV = Hash^iterations(Password || Salt)
- Limitations:
  - only two hash functions
  - assumes cipher in CBC mode and 8-byte salt
  - no security proof
  - entropy bottleneck
  - fixed maximum length for keys

Key Derivation Functions, II
- PBKDF2
  - New in version 2.0 of PKCS #5
  - “Belts-and-suspenders” approach (protects against both parallel attacks and the recursion present in PBKDF1)
  - DK = T_1 || T_2 || … || T_n
  - T_i = f(Password, Salt, Iterations, i)
  - f(Password, Salt, Iterations, i) = U_1 XOR U_2 XOR … XOR U_iterations
  - U_1 = PRF(Password, Salt || i)
  - U_i = PRF(Password, U_(i-1))
  - PRF is most likely HMAC
  - Restricts search space for an unknown key to 160 bits, however
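An added example, not part of the original slides: PBKDF1 and PBKDF2 written out in Python from the formulas on the two key-derivation slides, with PBKDF2 checked against the standard library. It assumes SHA-1 for PBKDF1 (matching the 20-byte limit), HMAC-SHA-1 as the PRF, and the 4-byte big-endian encoding of the block index i used by PKCS #5 v2.0; the password, salt and iteration count in the demo are constructed sample values.

```python
import hashlib
import hmac
import struct

H_LEN = hashlib.sha1().digest_size  # 20 bytes, the PBKDF1 ceiling on the slide

def pbkdf1(password, salt, iterations, dk_len):
    """DK = Hash^iterations(Password || Salt), truncated to dk_len bytes."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    if dk_len > H_LEN:
        # Fixed maximum length: a single hash output is all PBKDF1 can give.
        raise ValueError("PBKDF1 output is limited to one hash length")
    t = hashlib.sha1(password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.sha1(t).digest()
    return t[:dk_len]

def prf(password, data):
    """PRF, assumed here to be HMAC-SHA-1 keyed with the password."""
    return hmac.new(password, data, hashlib.sha1).digest()

def f(password, salt, iterations, i):
    """T_i = U_1 XOR U_2 XOR ... XOR U_iterations."""
    u = prf(password, salt + struct.pack(">I", i))  # U_1 = PRF(Password, Salt || i)
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = prf(password, u)                        # U_j = PRF(Password, U_(j-1))
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(H_LEN, "big")

def pbkdf2(password, salt, iterations, dk_len):
    """DK = T_1 || T_2 || ... || T_n, truncated to dk_len bytes."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    n = -(-dk_len // H_LEN)  # number of blocks, ceil(dk_len / H_LEN)
    blocks = (f(password, salt, iterations, i) for i in range(1, n + 1))
    return b"".join(blocks)[:dk_len]

if __name__ == "__main__":
    pw, salt, c = b"correct horse", b"\x01" * 8, 1000  # constructed sample values
    dk = pbkdf2(pw, salt, c, 48)                       # longer than one hash output
    assert dk == hashlib.pbkdf2_hmac("sha1", pw, salt, c, 48)
    print("PBKDF2 48-byte key:", dk.hex())
    print("PBKDF1 key || IV  :", pbkdf1(pw, salt, c, 16).hex())
    try:
        pbkdf1(pw, salt, c, 48)
    except ValueError as exc:
        print("PBKDF1 48 bytes   :", exc)
```

Each T_i depends only on the password, the salt and its own index, which is why PBKDF2 can produce output of any length while PBKDF1 stops at one hash output.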

Motivations for PBKDF2
- Provably secure under reasonable assumptions on the pseudorandom function PRF
- Variable output length

Encryption Schemes
- PBES1
  - Basically PBKDF1 in combination with DES or RC2-CBC
  - New applications should favor PBES2
- PBES2
  - Combination of PBKDF2 with some underlying encryption scheme

Message Authentication Schemes
- PBMAC1
  - PBKDF2 together with some underlying MAC scheme

More information
- PKCS #5 v2.0 is available from http://www.rsasecurity.com/rsalabs/pkcs