| draft-kaliski-pkcs5-v2-03.txt | draft-kaliski-pkcs5-v2-04.txt |
|---|---|
| INTERNET-DRAFT B. Kaliski | INTERNET-DRAFT B. Kaliski |
| Expires: August 2000 RSA Laboratories | Expires: November 2000 RSA Laboratories |
| Intended Category: Informational February 2000 | Intended Category: Informational May 2000 |
| Password-Based Cryptography Specification | PKCS #5: Password-Based Cryptography Specification |
| PKCS #5 v2.0 | Version 2.0 |
| <draft-kaliski-pkcs5-v2-03.txt> | <draft-kaliski-pkcs5-v2-04.txt> |
| Status of this Memo | Status of this memo |
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with |
| all provisions of Section 10 of RFC2026 except that the right to | all provisions of Section 10 of RFC2026 except that the right to |
| produce derivative works is not granted. This document represents a | produce derivative works is not granted. |
| republication of PKCS#5 v 2.0 from RSA Laboratories' Public-Key | |
| Cryptography Standards (PKCS) series, and change control is retained | |
| within the PKCS process. | |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other |
| groups may also distribute working documents as Internet-Drafts. | groups may also distribute working documents as Internet-Drafts. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at |
| http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt |
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at |
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. |
| Abstract | Abstract |
| This memo represents a republication of PKCS #5 v 2.0 from RSA | |
| Laboratories' Public-Key Cryptography Standards (PKCS) series, and | |
| change control is retained within the PKCS process. The remainder of | |
| this text is taken from that specification. | |
| This document provides recommendations for the implementation of | This document provides recommendations for the implementation of |
| password-based cryptography, covering key derivation functions, | password-based cryptography, covering key derivation functions, |
| encryption schemes, message-authentication schemes, and ASN.1 syntax | encryption schemes, message-authentication schemes, and ASN.1 syntax |
| identifying the techniques. | identifying the techniques. |
| The recommendations are intended for general application within | The recommendations are intended for general application within |
| computer and communications systems, and as such include a fair | computer and communications systems, and as such include a fair |
| amount of flexibility. They are particularly intended for the | amount of flexibility. They are particularly intended for the |
| protection of sensitive information such as private keys, as in PKCS | protection of sensitive information such as private keys, as in PKCS |
| #8 [25]. It is expected that application standards and implementation | #8 [25]. It is expected that application standards and implementation |
| profiles based on these specifications may include additional | profiles based on these specifications may include additional |
| constraints. | constraints. |
| Other cryptographic techniques based on passwords, such as password- | Other cryptographic techniques based on passwords, such as password- |
| based key entity authentication and key establishment protocols | based key entity authentication and key establishment protocols |
| [4][5][26] are outside the scope of this document. Guidelines for the | [4][5][26] are outside the scope of this document. Guidelines for the |
| selection of passwords are also outside the scope. | selection of passwords are also outside the scope. |
| Table of Contents | Table of contents |
| 1 Introduction ................................................. 3 | 1. Introduction ................................................ 3 |
| 2 Notation ..................................................... 3 | 2. Notation .................................................... 3 |
| 3 Overview ..................................................... 4 | 3. Overview .................................................... 4 |
| 4 Salt and Iteration Count ..................................... 6 | 4. Salt and iteration count .................................... 6 |
| 4.1 Salt .................................................... 6 | 4.1 Salt .................................................... 6 |
| 4.2 Iteration Count ......................................... 8 | 4.2 Iteration count ......................................... 8 |
| 5 Key Derivation Functions ..................................... 8 | 5. Key derivation functions .................................... 8 |
| 5.1 PBKDF1 .................................................. 9 | 5.1 PBKDF1 .................................................. 9 |
| 5.2 PBKDF2 .................................................. 9 | 5.2 PBKDF2 .................................................. 9 |
| 6 Encryption Schemes ........................................... 11 | 6. Encryption schemes .......................................... 11 |
| 6.1 PBES1 ................................................... 12 | 6.1 PBES1 ................................................... 12 |
| 6.1.1 Encryption Operation ............................. 12 | 6.1.1 Encryption operation ............................. 12 |
| 6.1.2 Decryption Operation ............................. 13 | 6.1.2 Decryption operation ............................. 13 |
| 6.2 PBES2 ................................................... 14 | 6.2 PBES2 ................................................... 14 |
| 6.2.1 Encryption Operation ............................. 14 | 6.2.1 Encryption operation ............................. 14 |
| 6.2.2 Decryption Operation ............................. 15 | 6.2.2 Decryption operation ............................. 15 |
| 7 Message Authentication Schemes ............................... 15 | 7. Message authentication schemes .............................. 15 |
| 7.1 PBMAC1 .................................................. 15 | 7.1 PBMAC1 .................................................. 15 |
| 7.1.1 MAC Generation ................................... 16 | 7.1.1 MAC generation ................................... 16 |
| 7.1.2 MAC Verification ................................. 16 | 7.1.2 MAC verification ................................. 16 |
| 8 Security Considerations ...................................... 17 | 8. Security considerations ..................................... 17 |
| 9 Author's Address ............................................. 17 | 9. Author's address ............................................ 17 |
| Appendices | Appendices |
| A ASN.1 Syntax ................................................. 18 | A. ASN.1 syntax ................................................ 18 |
| A.1 PBKDF1 .................................................. 18 | A.1 PBKDF1 .................................................. 18 |
| A.2 PBKDF2 .................................................. 18 | A.2 PBKDF2 .................................................. 18 |
| A.3 PBES1 ................................................... 20 | A.3 PBES1 ................................................... 20 |
| A.4 PBES2 ................................................... 20 | A.4 PBES2 ................................................... 20 |
| A.5 PBMAC1 .................................................. 21 | A.5 PBMAC1 .................................................. 21 |
| B Supporting Techniques ........................................ 22 | B. Supporting techniques ....................................... 22 |
| B.1 Pseudorandom Functions .................................. 22 | B.1 Pseudorandom functions .................................. 22 |
| B.2 Encryption Schemes ...................................... 23 | B.2 Encryption schemes ...................................... 23 |
| B.3 Message Authentication Schemes .......................... 26 | B.3 Message authentication schemes .......................... 26 |
| C ASN.1 Module ................................................. 26 | C. ASN.1 module ................................................ 26 |
| D Intellectual Property Considerations ......................... 30 | D. Intellectual property considerations ........................ 30 |
| E Revision History ............................................. 30 | E. Revision history ............................................ 30 |
| F References ................................................... 31 | F. References .................................................. 31 |
| G Contact Information & About PKCS ............................. 33 | G. Contact information & About PKCS ............................ 33 |
| 1. Introduction | 1. Introduction |
| This document provides recommendations for the implementation of | This document provides recommendations for the implementation of |
| password-based cryptography, covering the following aspects: | password-based cryptography, covering the following aspects: |
| - key derivation functions | - key derivation functions |
| - encryption schemes | - encryption schemes |
| - message-authentication schemes | - message-authentication schemes |
| - ASN.1 syntax identifying the techniques | - ASN.1 syntax identifying the techniques |
| [skipping to change at page 17, line 14] | [skipping to change at page 17, line 14] |
| DK = KDF (P, S, c, dkLen) . | DK = KDF (P, S, c, dkLen) . |
| 4. Process the message M with the underlying message | 4. Process the message M with the underlying message |
| authentication scheme under the derived key DK to verify the | authentication scheme under the derived key DK to verify the |
| message authentication code T. | message authentication code T. |
| 5. If the message authentication code verifies, output | 5. If the message authentication code verifies, output |
| "correct"; else output "incorrect." | "correct"; else output "incorrect." |
| 8. Security Considerations | 8. Security considerations |
| Password-based cryptography is generally limited in the security that | Password-based cryptography is generally limited in the security that |
| it can provide, particularly for methods such as those defined in | it can provide, particularly for methods such as those defined in |
| this document where off-line password search is possible. While the | this document where off-line password search is possible. While the |
| use of salt and iteration count can increase the complexity of attack | use of salt and iteration count can increase the complexity of attack |
| (see Section 4 for recommendations), it is essential that passwords | (see Section 4 for recommendations), it is essential that passwords |
| are selected well, and relevant guidelines (e.g., [17]) should be | are selected well, and relevant guidelines (e.g., [17]) should be |
| taken into account. It is also important that passwords be protected | taken into account. It is also important that passwords be protected |
| well if stored. | well if stored. |
| In general, different keys should be derived from a password for | In general, different keys should be derived from a password for |
| different uses to minimize the possibility of unintended | different uses to minimize the possibility of unintended |
| interactions. For password-based encryption with a single algorithm, | interactions. For password-based encryption with a single algorithm, |
| a random salt is sufficient to ensure that different keys will be | a random salt is sufficient to ensure that different keys will be |
| produced. In certain other situations, as outlined in Section 4, a | produced. In certain other situations, as outlined in Section 4, a |
| structured salt is necessary. The recommendations in Section 4 should | structured salt is necessary. The recommendations in Section 4 should |
| thus be taken into account when selecting the salt value. | thus be taken into account when selecting the salt value. |
| 9. Author's Address | 9. Author's address |
| Burt Kaliski | Burt Kaliski |
| RSA Laboratories | RSA Laboratories |
| 20 Crosby Drive | 20 Crosby Drive |
| Bedford, MA 01730 USA | Bedford, MA 01730 USA |
| Email: bkaliski@rsasecurity.com | Email: bkaliski@rsasecurity.com |
| APPENDICES | APPENDICES |
| [skipping to change at page 33, line 5] | [skipping to change at page 33, line 5] |
| [25] RSA Laboratories. PKCS #8: Private-Key Information Syntax | [25] RSA Laboratories. PKCS #8: Private-Key Information Syntax |
| Standard. Version 1.2, November 1993. | Standard. Version 1.2, November 1993. |
| [26] T. Wu. The Secure Remote Password protocol. In Proceedings of | [26] T. Wu. The Secure Remote Password protocol. In Proceedings of |
| the 1998 Internet Society Network and Distributed System Security | the 1998 Internet Society Network and Distributed System Security |
| Symposium, pages 97-111, Internet Society, 1998. | Symposium, pages 97-111, Internet Society, 1998. |
| [27] F. Yergeau. RFC 2279: UTF-8, a Transformation Format of ISO | [27] F. Yergeau. RFC 2279: UTF-8, a Transformation Format of ISO |
| 10646. IETF, January 1998. | 10646. IETF, January 1998. |
| G. Contact Information & About PKCS | G. Contact information & About PKCS |
| The Public-Key Cryptography Standards are specifications produced by | The Public-Key Cryptography Standards are specifications produced by |
| RSA Laboratories in cooperation with secure systems developers | RSA Laboratories in cooperation with secure systems developers |
| worldwide for the purpose of accelerating the deployment of public- | worldwide for the purpose of accelerating the deployment of public- |
| key cryptography. First published in 1991 as a result of meetings | key cryptography. First published in 1991 as a result of meetings |
| with a small group of early adopters of public-key technology, the | with a small group of early adopters of public-key technology, the |
| PKCS documents have become widely referenced and implemented. | PKCS documents have become widely referenced and implemented. |
| Contributions from the PKCS series have become part of many formal | Contributions from the PKCS series have become part of many formal |
| and de facto standards, including ANSI X9 documents, PKIX, SET, | and de facto standards, including ANSI X9 documents, PKIX, SET, |
| S/MIME, and SSL. | S/MIME, and SSL. |
| End of changes. 19 change blocks. | |
| 40 lines changed or deleted | 43 lines changed or added |

This HTML diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
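The PBMAC1 verification steps shown above (derive DK with the KDF, MAC the message under DK, output "correct" or "incorrect") together with the Section 8 advice to derive a separate key for each use, as an added example that is not part of either draft. It assumes PBKDF2 with HMAC-SHA1 as the PRF for the KDF and HMAC-SHA1 as the underlying MAC; the password, salt, iteration count and key length are constructed values, not recommendations from the specification.

```python
"""PBMAC1 (PKCS #5 v2.0, Section 7.1) built from PBKDF2 and HMAC, plus the
Section 8 point about deriving separate keys for separate uses.
Added example: parameter values below are constructed, not taken from the spec."""
import hashlib
import hmac
import os


def pbkdf2(P: bytes, S: bytes, c: int, dkLen: int) -> bytes:
    """KDF(P, S, c, dkLen) with HMAC-SHA1 as the underlying PRF."""
    return hashlib.pbkdf2_hmac("sha1", P, S, c, dkLen)


def pbmac1_generate(P: bytes, S: bytes, c: int, dkLen: int, M: bytes) -> bytes:
    """7.1.1: derive DK from the password, then MAC the message under DK."""
    DK = pbkdf2(P, S, c, dkLen)
    return hmac.new(DK, M, "sha1").digest()


def pbmac1_verify(P: bytes, S: bytes, c: int, dkLen: int, M: bytes, T: bytes) -> str:
    """7.1.2 steps 3-5: recompute the MAC under the derived key and compare.
    compare_digest keeps the comparison constant-time, so the verifier does
    not leak how many leading bytes of a forged T happened to match."""
    expected = pbmac1_generate(P, S, c, dkLen, M)
    return "correct" if hmac.compare_digest(expected, T) else "incorrect"


def derive_per_use_keys(P: bytes, c: int, dkLen: int) -> dict:
    """Section 8: one password, a distinct random salt per use, hence a
    distinct key per use.  Salts are returned so they can be stored with
    the protected data (they need not be secret, only unpredictable)."""
    keys = {}
    for use in ("encryption", "mac"):
        salt = os.urandom(8)                  # Section 4.1: at least eight octets
        keys[use] = (salt, pbkdf2(P, salt, c, dkLen))
    return keys


if __name__ == "__main__":
    # Constructed parameters: salt, iteration count and key length are
    # illustrative, not values recommended anywhere in the specification.
    P, S, c, dkLen = b"correct horse", b"\x5a\x2c\x10\xe7\x9b\x41\x03\xde", 2000, 20
    M = b"PKCS #5 v2.0 draft-04 message"
    T = pbmac1_generate(P, S, c, dkLen, M)
    print(pbmac1_verify(P, S, c, dkLen, M, T))           # correct
    print(pbmac1_verify(P, S, c, dkLen, M + b"!", T))    # incorrect
    enc_salt, enc_key = derive_per_use_keys(P, c, dkLen)["encryption"]
    print(enc_salt.hex(), enc_key.hex())
```

The first assertion in the accompanying check uses the RFC 6070 PBKDF2-HMAC-SHA1 test vector (P="password", S="salt", c=1, dkLen=20) to confirm the KDF wiring before the MAC is exercised.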