Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [key-derivation]

In cryptography, a key derivation function (or KDF) derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function. Keyed cryptographic hash functions are popular examples of pseudo-random functions used for key derivation.

In cryptography, a key derivation function (or KDF) derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function. Keyed cryptographic hash functions are popular examples of pseudo-random functions used for key derivation.

636 questions
13
votes
3 answers

What is a Key Derivation Function?

From Wikipedia: In cryptography, a key derivation function (or KDF) derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function. Is there a…
RandomGuy
  • 318
  • 2
  • 6
8
votes
2 answers

Are there key-derivation functions that are safe to use in parallel on the same secret?

I'm considering using a key-derivation scheme for generating multiple keys from the same user secret. It is important that given all but one of these derived keys, it is not feasible to calculate the last one. Tunable difficulty would be a big plus.…
Filip Haglund
  • 1,043
  • 1
  • 8
  • 17
7
votes
2 answers

Can I use guids / uuids as counters for key derivation?

I have a 512 bit master key, and 128 bit unique identifiers. I'm going to derive 256 bit keys to for use with deterministic and block ciphers. For reference, The KDF I'm going to use is Hash( C | Z). The implementation will be SHA256( uuid |…
Grant BlahaErath
  • 355
  • 1
  • 9
5
votes
3 answers

Generate 2 independent keys from a master key

The scenario is like this: I need 2 keys for different purposes (encryption + encryption, encryption + mac, or whatever). Because it is not good practice to reuse the same key, I'd like the 2 keys to be independent. But remembering 2 different keys…
Cyker
  • 729
  • 5
  • 17
5
votes
0 answers

Is correlation in vector distributions "dangerous"?

Consider the two vector distributions $\xi,\chi$ described below, each one outputting integer vectors of length $n$ with coefficients in $\{0,\dots,n\}$. Distribution $\xi$ samples each coefficient $v_i$ following a distribution $\alpha_i\sim…
Tal-Botvinnik
  • 524
  • 3
  • 12
4
votes
1 answer

How to securely derive a key from a list of sorted random bytes?

Is it possible to derive a secure cryptographic key from an array of sorted bytes, assuming the bytes themselves were generated in a secure manner (say, from quantum phenomenon)? What would be the best approach to this issue?
Jakub
  • 51
  • 2
4
votes
1 answer

Is there more than one public key for a private key?

Does deriving the public key from an RSA private key always yield the same result? And if so, does this generally apply to all asymmetric cryptosystems?
user73856
  • 41
  • 1
4
votes
1 answer

Why does NIST SP 800 `KDF in Counter Mode' specification require a PRF rather than a PRP?

This is the NIST SP 800 KDF in Counter Mode specification. Where $K_I$ is the input key, $[i]_2$ is the counter value, Label and Context are fixed-length strings and $[L]_2$ is the output size, the input to the PRF for each block $i\in n$ is as…
Chris
  • 809
  • 4
  • 9
4
votes
1 answer

Is it secure to cascade KDFs

I would like to know if the following process to generate keys for a set of devices is secure. Let’s say I have a 128-bit master key MK with high entropy. I use a KDF to generate a 128-bit device key DK for each device: DK1 = KDF(MK, salt1) DK2 =…
StefanS
  • 41
  • 2
3
votes
1 answer

Is it safe to reuse the salt for generating symmetric keys for a chat application?

I'm writing a program that allows two users to communicate over E2E encrypted chat with a secret they have agreed upon in the past. The process works as follows: A key is derived from the secret using Argon2id, where the salt is hardcoded in the…
zooweemama
  • 33
  • 2
3
votes
1 answer

Can this key revocation scheme using hierarchical deterministic keys work?

Assume I am working with crypto that supports hierarchical deterministic key generation, Bitcoin/Ethereum keys using secp256k1 is one example. There is a decentralised key registry where users register their public keys for use and other users…
lovesh
  • 512
  • 2
  • 10
3
votes
2 answers

For encryption with a passphrase, should you re-use the same salt for key generation?

Let's say I have a simple "vault" application where users can enter data and a passphrase, and it will be encrypted, requiring them to re-enter the passphrase to decrypt it. This would be implemented as follows: generate salt for key…
JonathanR
  • 131
  • 2
3
votes
1 answer

Is the salt used with PBKDF2 secret?

I have two network endpoints that need to use the same derived key. Can the server send the salt to the client 'in the clear'?
Ken - Enough about Monica
  • 167
  • 7
2
votes
3 answers

Master keys for decrypting?

I'm not a Cryptography expert, but i've seen this topic sometimes on the Web: Master decrypt keys. Most of the people said that "Master decrypt key" does not exist. This makes sense if you developed your own Cryptography software. But if a company…
lucasmx
  • 131
  • 1
  • 3
2
votes
2 answers

Why use HKDF for key derivation even it's not time demanding?

KDF such as scrypt is memory (cpu) demanding so that the attackers cannot quickly decrypt the key. Why use HKDF? What's the application of it? If the attacker knows the input space of HKDF, and since the procedure of HKDF is public, what's the…
FunkyBaby
  • 157
  • 5
1
2 3