|
In cryptography, a key derivation function (or KDF) derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of a Diffie–Hellman key exchange into a symmetric key for use with AES. Keyed cryptographic hash functions are popular examples of pseudo-random functions used for key derivation. ==Uses of KDFs== Key derivation functions are often used in conjunction with non-secret parameters to derive one or more keys from a common secret value (which is sometimes also referred to as "key diversification"). Such use may prevent an attacker who obtains a derived key from learning useful information about either the input secret value or any of the other derived keys. A KDF may also be used to ensure that derived keys have other desirable properties, such as avoiding "weak keys" in some specific encryption systems. The most common use of KDFs is the password hashing approach to password verification, as used by the passwd file or shadow password file. KDFs happen to have the characteristics desired for a "password hash function", even though they were not originally designed for this purpose. The non-secret parameters are called "salt" in this context. In 2013 a "Password Hashing Competition" was announced to choose a new, standard algorithm for password hashing. On 20th July 2015 the competition ended and Argon2 was announced as the final winner. Four other algorithms received special recognition: Catena, Lyra2, Makwa and yescrypt.〔("Password Hashing Competition" )〕 Key derivation functions are often used as components of multiparty key-agreement protocols. Examples of such key derivation functions include KDF1, defined in IEEE Std 1363-2000, and similar functions in ANSI X9.42. Key derivation functions are also used to derive keys from secret passwords or passphrases. The "HMAC-based Extract-and-Expand Key Derivation Function" or "HKDF" specified in RFC 5869 is a simple HMAC-based KDF, which can be used as a building block in various protocols and applications. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Key derivation function」の詳細全文を読む スポンサード リンク
|