- From: Mark Watson <watsonm@netflix.com>
- Date: Wed, 5 Mar 2014 11:52:17 -0800
- To: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Received on Wednesday, 5 March 2014 19:52:47 UTC
Ok, I will specify with HMAC for the moment. SP 800-132 has a normative minimum output length of 112 bits, which the RFC does not have. Do we want that ? ...Mark On Wed, Mar 5, 2014 at 10:01 AM, Vijay Bharadwaj < Vijay.Bharadwaj@microsoft.com> wrote: > I doubt anyone uses PBKDF2 with something other than HMAC. In fact SP > 800-132 explicitly limits it to HMAC. So if you incorporate that limitation > then maybe SP 800-132 is a better reference. > > > > *From:* Mark Watson [mailto:watsonm@netflix.com] > *Sent:* Wednesday, March 5, 2014 9:54 AM > *To:* public-webcrypto@w3.org > *Subject:* PBKDF2 questions > > > > (1) I assume the correct reference is RFC2898 > > (2) Do we need to support PBKDF2 with pseudo-random functions other than > HMAC ? Presently the parameters dictionary allows us to specify the > pseudo-random function, prf, in contrast to HKDF where we are allowed only > to specify the hash function to be used with HMAC > > > > Restricting to HMAC is much simpler to specify. If we allow arbitrary > PRFs, we need to define what properties they must have: support of sign > operation and import of arbitrary size raw key. These requirements restrict > us to HMAC anyway (from the existing algorithms). > > > > Does anyone use PBKDF with a PRF other than HMAC ? What ? > > > > ...Mark >
Received on Wednesday, 5 March 2014 19:52:47 UTC