Presentation is loading. Please wait.

Presentation is loading. Please wait.

RSA Laboratories’ PKCS Series - a Tutorial

Published byChristal Maria Stephens Modified over 6 years ago

Similar presentations

Presentation on theme: "RSA Laboratories’ PKCS Series - a Tutorial"— Presentation transcript:

1 RSA Laboratories’ PKCS Series - a Tutorial
Magnus Nyström, October, 1999

2 Password-Based Cryptography Standard
Recommendations for the implementation of password-based cryptography, covering: key establishment encryption schemes message-authentication schemes ASN.1 syntax identifying the techniques Generally oriented towards protection of private keys No guidelines for selection of passwords

3 Background Cryptography with a password ...
identification, key establishment encryption message authentication … has some peculiar problems: passwords are not conventional keys nor are they very “random”

4 General Model Password-based key derivation:
key = PBKDF (password, salt, iterations) A salt serves to produce many keys from a given password (thwarting dictionary attacks) But it does not protect against an attacker able to choose the salt Iterations increase the cost for an attacker having to try many passwords

5 Key Derivation Functions
PBKDF1 - Password-based key derivation function #1 The “original” PBKDF Can’t generate keys longer than 20 bytes DK || IV = Hashiterations(Password||Salt) Limitations: only two hash functions assumes cipher in CBC mode and 8-byte salt no security proof entropy bottleneck fixed maximum length for keys

6 Key Derivation Functions, II
PBKDF2 New in version 2.0 of PKCS #5 “Belts-and-suspenders”-approach (protect both against parallel attacks and the recursion present in PBKDF1 DK = T1 || T2 || … || Tn Ti = f(Password, Salt, Iterations, i) f(Password,Salt, Iterations, i) = U1 XOR U2 XOR Uiterations U1 = PRF(Password, Salt || i) Ui = PRF(Password, Ui-1) PRF is most likely hMAC Restricts search space for an unknown key to 160 bits, however

7 Motivations for PBKDF2 Provably secure under reasonable assumptions on the pseudorandom function PRF Variable output length

8 Encryption Schemes PBES1 PBES2
Basically PBKDF1 in combination with DES or RC2-CBC New applications should favor PBES2 PBES2 Combination of PBKDF2 with some underlying encryption scheme

9 Message Authentication Schemes
PBMAC1 PBKDF2 together with some underlying MAC scheme

10 More information PKCS #5 v2.0 is available from

Download ppt "RSA Laboratories’ PKCS Series - a Tutorial"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Dan Boneh Odds and ends Key Derivation Online Cryptography Course Dan Boneh.

Dan Boneh Odds and ends Key Derivation Online Cryptography Course Dan Boneh.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden +46 470 70 86.

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
CS 4/585: Cryptography Tom Shrimpton FAB 120-04 725-5392.

CS 4/585: Cryptography Tom Shrimpton FAB
The Misuse of RC4 in Microsoft Office A paper by: Hongjun Wu Institute for Infocomm Research, Singapore ECE 578 Matthew Fleming.

The Misuse of RC4 in Microsoft Office A paper by: Hongjun Wu Institute for Infocomm Research, Singapore ECE 578 Matthew Fleming.
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.

Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2015 Nitesh Saxena.
XML Encryption, XML Signature, and Derived Keys: Suggestion For a Minor Addition Magnus Nyström RSA.

XML Encryption, XML Signature, and Derived Keys: Suggestion For a Minor Addition Magnus Nyström RSA.
1 CIS 5371 Cryptography 4. Message Authentication Codes B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.

1 CIS 5371 Cryptography 4. Message Authentication Codes B ased on: Jonathan Katz and Yehuda Lindell Introduction to Modern Cryptography.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
PKCS #5: Password-Based Cryptography Standard

PKCS #5: Password-Based Cryptography Standard
1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections 3.1-3.4) You may skip proofs, but are.

1 Symmetric-Key Encryption CSE 5351: Introduction to Cryptography Reading assignment: Chapter 2 Chapter 3 (sections ) You may skip proofs, but are.
Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015CS526: Information Security1.

Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015CS526: Information Security1.
PKCS #5 v2.0: Password-Based Cryptography Standard

PKCS #5 v2.0: Password-Based Cryptography Standard
Block Cipher Modes Last Updated: Aug 25, 2015. ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.

Block Cipher Modes Last Updated: Aug 25, ECB Mode Electronic Code Book Divide the plaintext into fixed-size blocks Encrypt/Decrypt each block independently.
@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.

@Yuan Xue 285: Network Security CS 285 Network Security Hash Algorithm Yuan Xue Fall 2012.

Similar presentations

Ads by Google