Re: PBKDF2 questions

Ok, I will specify with HMAC for the moment. SP 800-132 has a normative
minimum output length of 112 bits, which the RFC does not have. Do we want
that ?

...Mark


On Wed, Mar 5, 2014 at 10:01 AM, Vijay Bharadwaj <
Vijay.Bharadwaj@microsoft.com> wrote:

>  I doubt anyone uses PBKDF2 with something other than HMAC. In fact SP
> 800-132 explicitly limits it to HMAC. So if you incorporate that limitation
> then maybe SP 800-132 is a better reference.
>
>
>
> *From:* Mark Watson [mailto:watsonm@netflix.com]
> *Sent:* Wednesday, March 5, 2014 9:54 AM
> *To:* public-webcrypto@w3.org
> *Subject:* PBKDF2 questions
>
>
>
> (1) I assume the correct reference is RFC2898
>
> (2) Do we need to support PBKDF2 with pseudo-random functions other than
> HMAC ? Presently the parameters dictionary allows us to specify the
> pseudo-random function, prf, in contrast to HKDF where we are allowed only
> to specify the hash function to be used with HMAC
>
>
>
> Restricting to HMAC is much simpler to specify. If we allow arbitrary
> PRFs, we need to define what properties they must have: support of sign
> operation and import of arbitrary size raw key. These requirements restrict
> us to HMAC anyway (from the existing algorithms).
>
>
>
> Does anyone use PBKDF with a PRF other than HMAC ? What ?
>
>
>
> ...Mark
>

Received on Wednesday, 5 March 2014 19:52:47 UTC