RE: PBKDF2 questions from Vijay Bharadwaj on 2014-03-05 (public-webcrypto@w3.org from March 2014)

From: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Date: Wed, 5 Mar 2014 18:01:14 +0000
To: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <811874da712f45f08abd1b3f434fbd65@DFM-DB3MBX15-07.exchange.corp.microsoft.com>

I doubt anyone uses PBKDF2 with something other than HMAC. In fact SP 800-132 explicitly limits it to HMAC. So if you incorporate that limitation then maybe SP 800-132 is a better reference.

From: Mark Watson [mailto:watsonm@netflix.com]
Sent: Wednesday, March 5, 2014 9:54 AM
To: public-webcrypto@w3.org
Subject: PBKDF2 questions

(1) I assume the correct reference is RFC2898
(2) Do we need to support PBKDF2 with pseudo-random functions other than HMAC ? Presently the parameters dictionary allows us to specify the pseudo-random function, prf, in contrast to HKDF where we are allowed only to specify the hash function to be used with HMAC

Restricting to HMAC is much simpler to specify. If we allow arbitrary PRFs, we need to define what properties they must have: support of sign operation and import of arbitrary size raw key. These requirements restrict us to HMAC anyway (from the existing algorithms).

Does anyone use PBKDF with a PRF other than HMAC ? What ?

...Mark

Received on Wednesday, 5 March 2014 18:01:53 UTC