W3C home > Mailing lists > Public > xml-encryption@w3.org > March 2001

Password Key Derivation Algorithm

From: Jim Schaad <jimsch5@home.com>
Date: Thu, 15 Mar 2001 15:48:40 -0800
To: "'Xml-Encryption \(E-mail\)" <xml-encryption@w3.org>
Message-ID: <000e01c0adaa$77055e60$1500a8c0@soaringhawk.net>
I read the minutes on the FTF and noted that there was no understanding of
why this was placed in the proposal document.

This item was placed in the document under the assumption that there will be
a desired to encrypt material to a password rather than to a PKI object.  We
have gotten several comments in the S/MIME working group about this lack in
the CMS document and there are a couple of proposals on how to do this
currently before the group.

The concept is that you want to encrypt and save some data to a file, and
you don't want to do some major PKI type code to do the encryption.  This
algorithm type would allow for an application to retrieve a password phrase
from the user, this pass phrase is then crunched into a key and this key is
used to encrypt the data in the XML structure.  This type of ability matches
much of today's internet structure where a user name and a password is
entered to get access to a piece of data.

I don't really care if this is kept or not I just though that I would
clarify why it was in the original proposal.

Received on Thursday, 15 March 2001 18:46:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:00 UTC