PBKDF2 (Password-Based Key Derivation Function) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce derived keys up to 160 bits long.
PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times (1000 is a recommended minimum) to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key strengthening. Having a salt added to the password reduces the ability to use a preset dictionary to attack a password. The iterations increase the work that must be done on the attacker's side to build a brute force attack. If the salt is changed, the entire attack dictionary has to be rebuilt.
Contents |
Systems that use PBKDF2
- Wi-Fi Protected Access (WPA and WPA2) used to secure Wi-Fi wireless networks
- Microsoft Windows Data Protection API (DPAPI) [1]
- OpenDocument encryption used in OpenOffice.org
- SQLCipher, an encrypted variant of SQLite [2]
- WinZip's AES Encryption scheme.[3] and [4]
Disk encryption software
- FileVault (Mac OS X) from Apple Computer [5]
- FreeOTFE (Windows and Pocket PC PDAs); also supports mounting Linux (e.g. LUKS) volumes under Windows
- LUKS (Linux Unified Key Setup) (Linux)
- TrueCrypt (Windows, Linux, and Mac OS X)
- Cryptographic disk (NetBSD) [6]
- GEOM ELI module for FreeBSD
- softraid crypto for OpenBSD
- EncFS (Linux) since v1.5.0
External links
- PBKDF2 specification - RSA Laboratories PKCS #5 v2.0
- RSA PKCS #5- Multiple Formats, and test vectors.
- RFC 2898
Implementations
- ActionScript 3.0 implementation
- .NET's built-in function
- C# implementation
- JavaScript implementation
- Python implementation
- Ruby implementation
- C implementation
 |
This cryptography-related article is a stub. You can help Wikipedia by expanding it. |
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
