< draft-kaliski-pkcs5-v2-03.txt   draft-kaliski-pkcs5-v2-04.txt >

< INTERNET-DRAFT                                           B. Kaliski
< Expires: August 2000                                RSA Laboratories
< Intended Category: Informational                     February 2000
<
<             Password-Based Cryptography Specification
<                            PKCS #5 v2.0
<                   <draft-kaliski-pkcs5-v2-03.txt>
---
> INTERNET-DRAFT                                           B. Kaliski
> Expires: November 2000                              RSA Laboratories
> Intended Category: Informational                          May 2000
>
>        PKCS #5: Password-Based Cryptography Specification
>                            Version 2.0
>                   <draft-kaliski-pkcs5-v2-04.txt>
< Status of this Memo
> Status of this memo

This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026 except that the right to
produce derivative works is not granted.
< This document represents a republication of PKCS#5 v 2.0 from RSA
< Laboratories' Public-Key Cryptography Standards (PKCS) series, and
< change control is retained within the PKCS process.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract

> This memo represents a republication of PKCS #5 v 2.0 from RSA
> Laboratories' Public-Key Cryptography Standards (PKCS) series, and
> change control is retained within the PKCS process. The remainder of
> this text is taken from that specification.
This document provides recommendations for the implementation of
password-based cryptography, covering key derivation functions,
encryption schemes, message-authentication schemes, and ASN.1 syntax
identifying the techniques.

The recommendations are intended for general application within
computer and communications systems, and as such include a fair
amount of flexibility. They are particularly intended for the
protection of sensitive information such as private keys, as in PKCS
#8 [25]. It is expected that application standards and implementation
profiles based on these specifications may include additional
constraints.

Other cryptographic techniques based on passwords, such as password-
based key entity authentication and key establishment protocols
[4][5][26] are outside the scope of this document. Guidelines for the
selection of passwords are also outside the scope.
< Table of Contents
> Table of contents

< 1 Introduction ................................................. 3
< 2 Notation ..................................................... 3
< 3 Overview ..................................................... 4
< 4 Salt and Iteration Count ..................................... 6
<    4.1 Salt .................................................... 6
<    4.2 Iteration Count ......................................... 8
< 5 Key Derivation Functions ..................................... 8
<    5.1 PBKDF1 .................................................. 9
<    5.2 PBKDF2 .................................................. 9
< 6 Encryption Schemes ........................................... 11
<    6.1 PBES1 ................................................... 12
<         6.1.1 Encryption Operation ............................. 12
<         6.1.2 Decryption Operation ............................. 13
<    6.2 PBES2 ................................................... 14
<         6.2.1 Encryption Operation ............................. 14
<         6.2.2 Decryption Operation ............................. 15
< 7 Message Authentication Schemes ............................... 15
<    7.1 PBMAC1 .................................................. 15
<         7.1.1 MAC Generation ................................... 16
<         7.1.2 MAC Verification ................................. 16
< 8 Security Considerations ...................................... 17
< 9 Author's Address.............................................. 17
< Appendices
< A ASN.1 Syntax ................................................. 18
<    A.1 PBKDF1 .................................................. 18
<    A.2 PBKDF2 .................................................. 18
<    A.3 PBES1 ................................................... 20
<    A.4 PBES2 ................................................... 20
<    A.5 PBMAC1 .................................................. 21
< B Supporting Techniques ........................................ 22
<    B.1 Pseudorandom Functions .................................. 22
<    B.2 Encryption Schemes ...................................... 23
<    B.3 Message Authentication Schemes .......................... 26
< C ASN.1 Module ................................................. 26
< D Intellectual Property Considerations ......................... 30
< E Revision History ............................................. 30
< F References ................................................... 31
< G Contact Information & About PKCS ............................. 33
---
> 1. Introduction ................................................ 3
> 2. Notation .................................................... 3
> 3. Overview .................................................... 4
> 4. Salt and iteration count .................................... 6
>    4.1 Salt .................................................... 6
>    4.2 Iteration count ......................................... 8
> 5. Key derivation functions .................................... 8
>    5.1 PBKDF1 .................................................. 9
>    5.2 PBKDF2 .................................................. 9
> 6. Encryption schemes .......................................... 11
>    6.1 PBES1 ................................................... 12
>         6.1.1 Encryption operation ............................. 12
>         6.1.2 Decryption operation ............................. 13
>    6.2 PBES2 ................................................... 14
>         6.2.1 Encryption operation ............................. 14
>         6.2.2 Decryption operation ............................. 15
> 7. Message authentication schemes .............................. 15
>    7.1 PBMAC1 .................................................. 15
>         7.1.1 MAC generation ................................... 16
>         7.1.2 MAC verification ................................. 16
> 8. Security considerations ..................................... 17
> 9. Author's address............................................. 17
> Appendices
> A. ASN.1 syntax ................................................ 18
>    A.1 PBKDF1 .................................................. 18
>    A.2 PBKDF2 .................................................. 18
>    A.3 PBES1 ................................................... 20
>    A.4 PBES2 ................................................... 20
>    A.5 PBMAC1 .................................................. 21
> B. Supporting techniques ....................................... 22
>    B.1 Pseudorandom functions .................................. 22
>    B.2 Encryption schemes ...................................... 23
>    B.3 Message authentication schemes .......................... 26
> C. ASN.1 module ................................................ 26
> D. Intellectual property considerations ........................ 30
> E. Revision history ............................................ 30
> F. References .................................................. 31
> G. Contact information & About PKCS ............................ 33
1. Introduction

This document provides recommendations for the implementation of
password-based cryptography, covering the following aspects:

- key derivation functions
- encryption schemes
- message-authentication schemes
- ASN.1 syntax identifying the techniques

[skipping to change at page 17, line 14]
      DK = KDF (P, S, c, dkLen) .

   4. Process the message M with the underlying message
      authentication scheme under the derived key DK to verify the
      message authentication code T.

   5. If the message authentication code verifies, output
      "correct"; else output "incorrect."
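The PBMAC1 generation and verification steps above, worked through in Python as an added example (this is not code from the draft or from RSA Laboratories). It assumes the key derivation function is PBKDF2 with HMAC-SHA-1 as the pseudorandom function and that the underlying MAC scheme is HMAC-SHA-1, the techniques the specification's Appendices B.1 and B.3 list; the 20-octet dkLen, the password, salt, iteration count and message are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac

# Assumed parameter choices for this example: PBKDF2 with HMAC-SHA-1 as the
# PRF, a 20-octet derived key, and HMAC-SHA-1 as the underlying MAC scheme.
PRF_HASH = "sha1"
DK_LEN = 20


def derive_key(password: bytes, salt: bytes, count: int, dk_len: int = DK_LEN) -> bytes:
    """DK = KDF(P, S, c, dkLen), with PBKDF2-HMAC-SHA-1 standing in for KDF."""
    if count < 1:
        raise ValueError("iteration count must be a positive integer")
    return hashlib.pbkdf2_hmac(PRF_HASH, password, salt, count, dk_len)


def pbmac1_generate(password: bytes, salt: bytes, count: int, message: bytes) -> bytes:
    """MAC generation: derive DK from the password and salt, then T = MAC(DK, M)."""
    dk = derive_key(password, salt, count)
    return hmac.new(dk, message, PRF_HASH).digest()


def pbmac1_verify(password: bytes, salt: bytes, count: int, message: bytes, tag: bytes) -> str:
    """MAC verification (steps 3-5 above): re-derive DK, recompute the MAC over M
    and compare it with the received T; returns "correct" or "incorrect"."""
    dk = derive_key(password, salt, count)
    expected = hmac.new(dk, message, PRF_HASH).digest()
    # Constant-time comparison: an early-exit byte compare would let the
    # verifier's timing reveal how many leading octets of a candidate tag match.
    if hmac.compare_digest(expected, tag):
        return "correct"
    return "incorrect"


if __name__ == "__main__":
    # Constructed sample values; a real salt should be random, at least
    # eight octets, and stored alongside the MAC (see Section 4 of the draft).
    password = b"correct horse battery staple"
    salt = bytes.fromhex("0a1b2c3d4e5f6071")
    count = 2000
    message = b"amount=100&to=alice"

    tag = pbmac1_generate(password, salt, count, message)
    print("T =", tag.hex())
    print("unmodified message:", pbmac1_verify(password, salt, count, message, tag))
    print("tampered message:  ", pbmac1_verify(password, salt, count, b"amount=900&to=alice", tag))
    print("wrong password:    ", pbmac1_verify(b"wrong", salt, count, message, tag))
```

The iteration count and salt are not secret and must travel with the MAC (the draft's Appendix A.5 defines the ASN.1 parameters for that); only the password is secret, which is why the verifier re-derives DK instead of storing it.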
< 8. Security Considerations
> 8. Security considerations

Password-based cryptography is generally limited in the security that
it can provide, particularly for methods such as those defined in
this document where off-line password search is possible. While the
use of salt and iteration count can increase the complexity of attack
(see Section 4 for recommendations), it is essential that passwords
are selected well, and relevant guidelines (e.g., [17]) should be
taken into account. It is also important that passwords be protected
well if stored.

In general, different keys should be derived from a password for
different uses to minimize the possibility of unintended
interactions. For password-based encryption with a single algorithm,
a random salt is sufficient to ensure that different keys will be
produced. In certain other situations, as outlined in Section 4, a
structured salt is necessary. The recommendations in Section 4 should
thus be taken into account when selecting the salt value.
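The key-separation recommendation above, as an added example in Python (not part of the draft): two keys for two uses are derived from one password by giving each use its own salt. The salt layout used here, a length-prefixed usage label followed by the random octets, is this example's own construction and one possible form of the structured salt the paragraph refers to, not a layout the draft prescribes; the PRF choice (HMAC-SHA-1), the password, the random part and the iteration count are assumed sample values.

```python
import hashlib
import os

PRF_HASH = "sha1"   # PBKDF2 with HMAC-SHA-1 as the PRF (assumed choice)
ITERATIONS = 1000   # sample value; Section 4 of the draft discusses how to choose it
KEY_LEN = 16        # octets per derived key (sample value)


def structured_salt(random_part: bytes, usage: bytes) -> bytes:
    """Assumed salt layout: one length octet, the usage label, then the random part.

    The length prefix keeps the encoding unambiguous: without it, the label
    b"ab" with random part b"c..." and the label b"a" with random part b"bc..."
    would produce the same salt and therefore the same key.
    """
    if not 0 < len(usage) < 256:
        raise ValueError("usage label must be 1..255 octets")
    return bytes([len(usage)]) + usage + random_part


def derive_keys_for_uses(password: bytes, random_part: bytes, usages,
                         count: int = ITERATIONS, key_len: int = KEY_LEN) -> dict:
    """One key per use: the random part is shared, the full salt differs per use."""
    if len(random_part) < 8:
        raise ValueError("random part of the salt should be at least 8 octets")
    return {
        usage: hashlib.pbkdf2_hmac(PRF_HASH, password,
                                   structured_salt(random_part, usage), count, key_len)
        for usage in usages
    }


def keys_are_distinct(keys: dict) -> bool:
    """True when no two uses ended up with the same key material."""
    return len(set(keys.values())) == len(keys)


if __name__ == "__main__":
    password = b"correct horse battery staple"   # constructed sample
    random_part = os.urandom(8)                   # stored with the ciphertext/MAC
    keys = derive_keys_for_uses(password, random_part, [b"encryption", b"mac"])
    for usage, key in keys.items():
        print(usage.decode(), key.hex())
    print("distinct:", keys_are_distinct(keys))
```

Because the random part is shared, the two salts are still bound to the same data item; what separates the keys is the usage label, so an attacker who learns one key (for instance a MAC key exposed through a side channel) gains nothing about the other without repeating the password search.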
< 9. Author's Address
> 9. Author's address

Burt Kaliski
RSA Laboratories
20 Crosby Drive
Bedford, MA 01730 USA
Email: bkaliski@rsasecurity.com

APPENDICES

[skipping to change at page 33, line 5]
[25] RSA Laboratories. PKCS #8: Private-Key Information Syntax
     Standard. Version 1.2, November 1993.

[26] T. Wu. The Secure Remote Password protocol. In Proceedings of
     the 1998 Internet Society Network and Distributed System Security
     Symposium, pages 97-111, Internet Society, 1998.

[27] F. Yergeau. RFC 2279: UTF-8, a Transformation Format of ISO
     10646. IETF, January 1998.
< G. Contact Information & About PKCS
> G. Contact information & About PKCS

The Public-Key Cryptography Standards are specifications produced by
RSA Laboratories in cooperation with secure systems developers
worldwide for the purpose of accelerating the deployment of public-
key cryptography. First published in 1991 as a result of meetings
with a small group of early adopters of public-key technology, the
PKCS documents have become widely referenced and implemented.
Contributions from the PKCS series have become part of many formal
and de facto standards, including ANSI X9 documents, PKIX, SET,
S/MIME, and SSL.
End of changes. 19 change blocks.
40 lines changed or deleted, 43 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/