Increasing the time needed to test a cryptographic key to protect against brute-force attack
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Key stretching" – news · newspapers · books · scholar · JSTOR(February 2020) (Learn how and when to remove this message)
In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.[1]
There are several ways to perform key stretching. One way is to apply a cryptographic hash function or a block cipher repeatedly in a loop. For example, in applications where the key is used for a cipher, the key schedule in the cipher may be modified so that it takes a specific length of time to perform. Another way is to use cryptographic hash functions that have large memory requirements – these can be effective in frustrating attacks by memory-bound adversaries.
^Kelsey, John; Schneier, Bruce; Hall, Chris; Wagner, David A. (1997). "Secure Applications of Low-Entropy Keys". In Okamoto, Eiji; Davida, George I.; Mambo, Masahiro (eds.). Information Security, First International Workshop, ISW '97, Tatsunokuchi, Japan, September 17-19, 1997, Proceedings. Lecture Notes in Computer Science. Vol. 1396. Springer. pp. 121–134. doi:10.1007/BFb0030415. ISBN 978-3-540-64382-1.
In cryptography, keystretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force...
derivation. The first[citation needed] deliberately slow (keystretching) password-based key derivation function was called "crypt" (or "crypt(3)" after...
type of keyed hash function that can also be used in a key derivation scheme or a keystretching scheme. HMAC can provide authentication using a shared...
Another technique that helps prevent precomputation attacks is keystretching. When stretching is used, the salt, password, and some intermediate hash values...
a "public key" to encrypt a message and a related "private key" to decrypt it. The advantage of asymmetric systems is that the public key can be freely...
Key generation The key generation algorithm selects a random integer x {\displaystyle x} such as 0 < x < r {\displaystyle 0<x<r} . The private key is...
computational work makes password cracking much more difficult, and is known as keystretching. When the standard was written in the year 2000 the recommended minimum...
both summarized below: CNSA 2.0 CNSA 1.0 Keystretching See the discussion on the relationship between key lengths and quantum computing attacks at the...
MD5 has been used to store a one-way hash of a password, often with keystretching. NIST does not include MD5 in their list of recommended hashes for password...
A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and...
is the length of the key plus the original message, appended at the end). The attacker knows that the state behind the hashed key/message pair for the...
generation algorithm selects a key from the key space uniformly at random. A signing algorithm efficiently returns a tag given the key and the message. A verifying...
anti-entropy, replicas exchange Merkle trees to identify parts of their replicated key ranges which are out of sync. A Merkle tree is a hierarchical hash verification:...
that, having seen Xi and SipHash(Xi, k), an attacker who does not know the key k cannot find (any information about) k or SipHash(Y, k) for any message...
A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and...
the same plaintext is encrypted multiple times independently with the same key. Block ciphers may be capable of operating on more than one block size, but...
encrypted data. PKCS #7 is one of the family of standards called Public-Key Cryptography Standards (PKCS) created by RSA Laboratories. The latest version...
possible passwords each second. Password hash functions that perform keystretching – such as PBKDF2, scrypt or Argon2 – commonly use repeated invocations...
PCs before compression or extraction starts. This technique is called keystretching and is used to make a brute-force search for the passphrase more difficult...