undefined | Better HN

0 pointsZamicol1y ago0 comments

Password hash functions are designed to be slow, are designed to be use with salts, and may have low entropy inputs. Being slow is a waste for (true) KDFs, salts aren't relevant (although nonces may be), and are designed for high entropy inputs.

The naming overlap between the two is bad, so the industry has tried to move towards naming the two differently. Password hashing functions are not ideal KDFs, even though a particular primitive may be secure for use as a KDF. That's a root of some of the confusion.

0 comments

tptacek1y ago

String KDFs are also slow. That's the basic strategy for making high-entropy keys out of low-entropy inputs.

ZamicolOP1y ago

Password hash functions are intentionally designed to be extremely slow (at an exponential scale). While this makes perfect sense for password hashing, it is nonsensical to have such an intentional, configurable slowdown mechanism in KDFs. KDFs have computational cost, but having the kind of extreme slowdown that password hash functions have makes no sense for purpose designed KDFs, especially when needing to derive many keys.

j / k navigate · click thread line to collapse

0 pointsZamicol1y ago0 comments

0 comments

tptacek1y ago

String KDFs are also slow. That's the basic strategy for making high-entropy keys out of low-entropy inputs.

ZamicolOP1y ago

j / k navigate · click thread line to collapse