Re: AES 256 based key derivation function.



On Oct 24, 2:11 pm, Kristian Gjøsteen <kristiag+n...@xxxxxxxxxxxx>
wrote:
Fabrice  <fabrice.gaut...@xxxxxxxxx> wrote:
Another idea.

Assuming we have a hash function (H) that output 256 bits hash

dk=H(AES-CBC(rk, iv, PV))

I guess this would be secure and this can be generalized to any
keysize/blocksize combination...

It would be simpler to use

        dk = H(rk||PV)

and for many hash functions reasonably secure for fixed-length PV.

Unfortunately one of the constraint in my case might be that rk cannot
go anywhere but to the key input of the cipher block. So I need to get
something out of the cipher.



.