Key derivation function

In cryptography, a key derivation function (KDF) makes a long secret key (which is called a "hash") from a secret phrase, like a password.^[1]^[2] The output of a key derivation function will look common to another result made from a random phrase. They are also used to re-use secret keys in a specific format, like using a shared secret key from the Diffie–Hellman key exchange for sending secrets in AES.^[3]

Use^[2][change | change source]

Key derivation functions are important in security. They allow a smaller "secret phrase" to be expanded into a larger key (of a fixed length decided by the KDF's digest size^[4]). This makes trying to find the original "secret phrase" more difficult. The length of the key makes it more difficult to discover the phrase or the hidden secret by trial and error (i.e. through brute-forcing), by making it difficult for a computer to guess.^[5] Sometimes, a small piece of random data (called a "salt") is added to the secret phrase before it is used with a KDF to make it more difficult guess the original "secret phrase" with a list of known "hashes".

It makes checking passwords safer without using the real password. Instead of keeping the real password, a "hash" of the key is kept and when checking the password, the "hash" of the real password is checked with the input.^[6] Some software put a limit on the length of a password and is sometimes used to make larger secret phrases smaller. KDFs are also made in a way so that, it takes a computer some effort to make the "hash". This makes making a list of potential combinations difficult.^[7]

Commonly used KDFs^[8][change | change source]

SHA-2
PBKDF2
Scrypt
Bcrypt
Argon2
Chacha20^[2]

References[change | change source]

↑ "Key derivation". libsodium.gitbook.io. Retrieved 2019-10-06.
↑ ^2.0 ^2.1 ^2.2 "Password hashing". libsodium.gitbook.io. Retrieved 2019-10-06.
↑ Zdziarski, Jonathan (2012). Hacking and Securing IOS Applications: Stealing Data, Hijacking Software, and How to Prevent It. "O'Reilly Media, Inc.". ISBN 9781449318741.
↑ Recommendation for Password-Based Key Derivation (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf, Page 6)
↑ "encryption - Why brute-force the password instead of the key directly?". Information Security Stack Exchange. Retrieved 2019-10-06.
↑ "PHP: password_verify - Manual". www.php.net. Retrieved 2019-10-06.
↑ Argon2: the memory-hard function for password hashing and other applications (https://password-hashing.net/argon2-specs.pdf)
↑ "Key Derivation Function - Crypto++ Wiki". cryptopp.com. Archived from the original on 2019-10-06. Retrieved 2019-10-06.

[1] "Key derivation". libsodium.gitbook.io. Retrieved 2019-10-06.

[:0-2] 2.0 ^2.1 ^2.2 "Password hashing". libsodium.gitbook.io. Retrieved 2019-10-06.

[3] Zdziarski, Jonathan (2012). Hacking and Securing IOS Applications: Stealing Data, Hijacking Software, and How to Prevent It. "O'Reilly Media, Inc.". ISBN 9781449318741.

[4] Recommendation for Password-Based Key Derivation (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf, Page 6)

[5] "encryption - Why brute-force the password instead of the key directly?". Information Security Stack Exchange. Retrieved 2019-10-06.

[6] "PHP: password_verify - Manual". www.php.net. Retrieved 2019-10-06.

[7] Argon2: the memory-hard function for password hashing and other applications (https://password-hashing.net/argon2-specs.pdf)

[8] "Key Derivation Function - Crypto++ Wiki". cryptopp.com. Archived from the original on 2019-10-06. Retrieved 2019-10-06.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

Use[2][change | change source]

Commonly used KDFs[8][change | change source]

References[change | change source]

Use^[2][change | change source]

Commonly used KDFs^[8][change | change source]