Understanding PKCS 5

As I understand, three parts are described in PKCS #5.

1. KDF, Key derivation functions

2. encryption schemes

3. message-authentication schemes

The purpose of PKCS #5 is to solve the "dictionary passwords" attack. There are two approaches to solve this problem. One approach is to combine a password with a salt to produce the key. This generates a long key which makes it is difficult to be guessed. The other approach is to provide a complicate KDF, for example, include the iteration count. therby increasing the cost of exhaustive search.

Salt and iteration count formed the basis for password-based encryption in PKCS #5.

Key derivation functions

*PBKDF1

    PBKDF1 applies a hash function. MD2, MD5, SHA-1

*PBKDF2

    PBKDF2 applies a pseudorandom function to derive functions. It is recommended for new applications.

encryption schemes

* PBES1

    PBKDF1 + DES | RC2

* PBES2

authentication schemes

* PBMAC1




Posted on: Aug 13, 2008

Posted by: Qing-Ming Jeff Cai

Category: Sun

Permanent link to this entry

Comments:

Hi there,

I was wondering if you understood salting in PKCS #5. Because I got confused when the salt is sent as cleartext with the encrypted text. An dictionary attack still works the same way with or without the added salt. Maybe just the time taken to obtain the key from password+salt? Hmm.

Brandon

Posted by Brandon on September 25, 2009 at 05:29 AM CST #

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by Qing-Ming Jeff Cai