Re: AES 256 based key derivation function.



Fabrice <fabrice.gautier@xxxxxxxxx> wrote:
> Another idea.
>
> Assuming we have a hash function (H) that outputs a 256-bit hash
>
> dk=H(AES-CBC(rk, iv, PV))
>
> I guess this would be secure and this can be generalized to any
> keysize/blocksize combination...

It would be simpler to use

dk = H(rk||PV)

and for many hash functions reasonably secure for fixed-length PV.

--
Kristian Gjøsteen
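
Added example, not part of the original post: one well-known reason a fixed-length restriction matters when H is a Merkle-Damgård hash such as SHA-256 is length extension (this reading of the caveat is an assumption; the post does not spell it out). The sketch checks that, with a variable-length PV, a party holding only dk and the input length can compute the key for a longer PV, and that enforcing a fixed PV length rejects that input; `rk`, `pv`, `PV_LEN`, `derive` and `extend` are constructed names and values.

```python
import hashlib, struct
def primes(n):                        # first n primes
    ps, c = [], 2
    while len(ps) < n:
        if all(c % p for p in ps):
            ps.append(c)
        c += 1
    return ps

# SHA-256 round constants: top 32 fractional bits of the cube roots of the first 64 primes
K = [int((p ** (1 / 3) % 1) * 2**32) for p in primes(64)]
M = 0xFFFFFFFF
rotr = lambda x, n: ((x >> n) | (x << (32 - n))) & M

def compress(state, block):           # SHA-256 compression function over one 64-byte block
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = rotr(w[i-15], 7) ^ rotr(w[i-15], 18) ^ (w[i-15] >> 3)
        s1 = rotr(w[i-2], 17) ^ rotr(w[i-2], 19) ^ (w[i-2] >> 10)
        w.append((w[i-16] + s0 + w[i-7] + s1) & M)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]) & M
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & M
        a, b, c, d, e, f, g, h = (t1 + t2) & M, a, b, c, (d + t1) & M, e, f, g
    return [(x + y) & M for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def md_pad(n):                        # padding SHA-256 appends to an n-byte message
    return b"\x80" + b"\x00" * ((55 - n) % 64) + struct.pack(">Q", n * 8)

def extend(dk, known_len, suffix):
    """From dk = H(m) and len(m) alone, return (glue, H(m || glue || suffix))."""
    glue = md_pad(known_len)
    tail = suffix + md_pad(known_len + len(glue) + len(suffix))
    state = list(struct.unpack(">8I", dk))   # resume hashing from the published digest
    for i in range(0, len(tail), 64):
        state = compress(state, tail[i:i + 64])
    return glue, struct.pack(">8I", *state)

PV_LEN = 16                           # assumed fixed PV size for the hardened variant
def derive(rk, pv, fixed=True):       # dk = H(rk || PV); fixed=True enforces fixed-length PV
    if fixed and len(pv) != PV_LEN:
        raise ValueError("PV must be exactly %d bytes" % PV_LEN)
    return hashlib.sha256(rk + pv).digest()

rk = bytes(range(32))                 # constructed 256-bit root key
pv = b"device-000000001"              # constructed 16-byte PV
dk = derive(rk, pv)
glue, dk2 = extend(dk, len(rk) + len(pv), b"|admin")   # computed without using rk
```

With the length check in place, `pv + glue + b"|admin"` is never accepted as a PV, so the extended digest corresponds to no key the system will derive.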