Tuesday, February 09, 2016

[nhvshniy] KDF bottleneck

A password undergoes an expensive password-based key derivation function (e.g., Argon2), yielding a (say) 256-bit key for a cipher.

However, that short 256-bit key is an Achilles heel, a bottleneck: stealing it is as good as stealing the password.  Guessing the password is what the PBKDF was trying to prevent.

Better would be for the whole encryption algorithm (or whatever cryptographic operation it is that uses a password) to be expensive.

No comments :