idnits 2.17.1 draft-josefsson-pbkdf2-test-vectors-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 14, 2010) is 4945 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 2898 (Obsoleted by RFC 8018) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Josefsson 3 Internet-Draft SJD AB 4 Intended status: Informational September 14, 2010 5 Expires: March 18, 2011 7 PKCS #5 Password Based Key Derivation Function 2 (PBKDF2) Test Vectors 8 draft-josefsson-pbkdf2-test-vectors-06 10 Abstract 12 This document contains test vectors for the Public-Key Cryptography 13 Standards (PKCS) #5 Password Based Key Derivation Function 2 (PBKDF2) 14 with the Hash-based Message Authentication Code (HMAC) Secure Hash 15 Algorithm (SHA-1) pseudorandom function. 17 Status of this Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on March 18, 2011. 34 Copyright Notice 36 Copyright (c) 2010 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (http://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 2. PBKDF2 HMAC-SHA1 Test Vectors . . . . . . . . . . . . . . . . . 3 53 3. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 54 4. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 5 55 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 56 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 57 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 58 7.1. Normative References . . . . . . . . . . . . . . . . . . . 5 59 7.2. Informative References . . . . . . . . . . . . . . . . . . 6 60 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 62 1. Introduction 64 The Public-Key Cryptography Standards (PKCS) #5 [RFC2898] Password 65 Based Key Derivation Function 2 (PBKDF2) is used by several protocols 66 to derive encryption keys from a password. 68 For example, Salted Challenge Response Authentication Mechanism 69 (SCRAM) [RFC5802] uses PBKDF2 with Hash-based Message Authentication 70 Code (HMAC) [RFC2104] and Secure Hash Algorithm (SHA-1) 71 [FIPS.180-1.1995]. 73 Test vectors for the algorithm were not included in the original 74 specification, but are often useful for implementers. This document 75 addresses the shortcoming. 77 2. PBKDF2 HMAC-SHA1 Test Vectors 79 The input strings below are encoded using ASCII [ANSI.X3-4.1986]. 80 The sequence "\0" (without quotation marks) means a literal ASCII NUL 81 value (1 octet). 83 Input: 84 P = "password" (8 octets) 85 S = "salt" (4 octets) 86 c = 1 87 dkLen = 20 89 Output: 90 DK = 0c 60 c8 0f 96 1f 0e 71 91 f3 a9 b5 24 af 60 12 06 92 2f e0 37 a6 (20 octets) 94 Input: 95 P = "password" (8 octets) 96 S = "salt" (4 octets) 97 c = 2 98 dkLen = 20 100 Output: 101 DK = ea 6c 01 4d c7 2d 6f 8c 102 cd 1e d9 2a ce 1d 41 f0 103 d8 de 89 57 (20 octets) 105 Input: 106 P = "password" (8 octets) 107 S = "salt" (4 octets) 108 c = 4096 109 dkLen = 20 111 Output: 112 DK = 4b 00 79 01 b7 65 48 9a 113 be ad 49 d9 26 f7 21 d0 114 65 a4 29 c1 (20 octets) 116 Input: 117 P = "password" (8 octets) 118 S = "salt" (4 octets) 119 c = 16777216 120 dkLen = 20 122 Output: 123 DK = ee fe 3d 61 cd 4d a4 e4 124 e9 94 5b 3d 6b a2 15 8c 125 26 34 e9 84 (20 octets) 127 Input: 128 P = "passwordPASSWORDpassword" (24 octets) 129 S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets) 130 c = 4096 131 dkLen = 25 133 Output: 134 DK = 3d 2e ec 4f e4 1c 84 9b 135 80 c8 d8 36 62 c0 e4 4a 136 8b 29 1a 96 4c f2 f0 70 137 38 (25 octets) 139 Input: 140 P = "pass\0word" (9 octets) 141 S = "sa\0lt" (5 octets) 142 c = 4096 143 dkLen = 16 145 Output: 146 DK = 56 fa 6a a7 55 48 09 9d 147 cc 37 d7 f0 34 25 e0 c3 (16 octets) 149 3. Acknowledgements 151 Barry Brachman and Love Hoernquist Aestrand confirmed the test 152 vectors (using independent implementations) and pointed out a mistake 153 in the salt octet length count. 155 4. Copying conditions 157 This document should be considered a Code Component and is thus 158 available under the BSD license. 160 5. Security Considerations 162 The security considerations in [RFC2898] apply. This document does 163 not introduce any new security considerations. 165 6. IANA Considerations 167 None. 169 7. References 171 7.1. Normative References 173 [ANSI.X3-4.1986] 174 American National Standards Institute, "Coded Character 175 Set - 7-bit American Standard Code for Information 176 Interchange", ANSI X3.4, 1986. 178 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 179 Hashing for Message Authentication", RFC 2104, 180 February 1997. 182 [RFC2898] Kaliski, B., "PKCS #5: Password-Based Cryptography 183 Specification Version 2.0", RFC 2898, September 2000. 185 [FIPS.180-1.1995] 186 National Institute of Standards and Technology, "Secure 187 Hash Standard", FIPS PUB 180-1, April 1995, 188 . 190 7.2. Informative References 192 [RFC5802] Newman, C., Menon-Sen, A., Melnikov, A., and N. Williams, 193 "Salted Challenge Response Authentication Mechanism 194 (SCRAM) SASL and GSS-API Mechanisms", RFC 5802, July 2010. 196 Author's Address 198 Simon Josefsson 199 SJD AB 200 Hagagatan 24 201 Stockholm 113 47 202 SE 204 Email: simon@josefsson.org 205 URI: http://josefsson.org/