Key derivation from password


Ilya Bizyaev
May 2, 2015, 6:17:48 AM
to cryptop...@googlegroups.com
Hello everyone!
I need to derive a byte key from a user-provided text password. I have found this class: PasswordBasedKeyDerivationFunction, but it is abstract. Which of the three classes derived from it (PKCS12_PBKDF, PKCS5_PBKDF1 or PKCS5_PBKDF2_HMAC) should I use?

Jean-Pierre Münch
May 2, 2015, 12:20:08 PM
to cryptop...@googlegroups.com


On 02.05.2015 at 12:17, Ilya Bizyaev wrote:
> Hello everyone!
> I need to derive a byte key from a user-provided text password. I have found this class: PasswordBasedKeyDerivationFunction, but it is abstract. Which of the three classes derived from it (PKCS12_PBKDF, PKCS5_PBKDF1 or PKCS5_PBKDF2_HMAC) should I use?
Hey Ilya,

Don't use PKCS5_PBKDF1, because it's the predecessor of PKCS5_PBKDF2_HMAC.
If I need to use PBKDFs from Crypto++ I always go with PKCS5_PBKDF2_HMAC, but in the long run the library really needs scrypt or the PHC winner...

BR

JPM

--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-user...@googlegroups.com.
More information about Crypto++ and this group is available at http://www.cryptopp.com.

Ilya Bizyaev
May 2, 2015, 12:24:32 PM
to cryptop...@googlegroups.com
OK, thank you (^_^)

Ilya Bizyaev
May 6, 2015, 11:35:43 AM
to cryptop...@googlegroups.com
The highlighted line causes a segmentation fault:

#include <cstring>
#include <wx/string.h>
#include <wx/strconv.h>
#include <cryptopp/pwdbased.h>
#include <cryptopp/crc.h>
using namespace CryptoPP;

void DeriveKey(byte * key, wxString & password, byte * iv)
{
    /** Deriving a key from password **/
    //Convert password to UTF-32
    wxCharBuffer cbuff = password.mb_str(wxMBConvUTF32());
    //Assign UTF-32 data to a byte buffer
    byte * bpass = new byte[cbuff.length()];
    memcpy(bpass, (byte*)cbuff.data(), cbuff.length());
    //Derive the key: 16 bytes, purpose 0, salt = iv (16 bytes), 1 iteration
    PKCS5_PBKDF2_HMAC<CRC32> KeyDeriver;
    //Highlighted line: this call is where the segmentation fault occurs
    KeyDeriver.DeriveKey(key, 16, (byte)0, bpass, cbuff.length(), iv, 16, 1);
    delete[] bpass;
}
What's wrong? Also, how do I use the "purpose" parameter (it is currently (byte)0 )?

Ilya Bizyaev
May 8, 2015, 1:21:49 PM
to cryptop...@googlegroups.com
Debug log:
----------------------------------------------------------------
#1  0x0000000000481ab2 in CryptoPP::HMAC_Base::UncheckedSetKey (this=<optimized out>, userKey=0x941c00 "superdupersecret", keylength=16) at hmac.cpp:21
Program received signal SIGSEGV, Segmentation fault.
In ?? () (/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0)
2539 ../src/gtk/window.cpp: No such file or directory.
----------------------------------------------------------------
All the code in this function before the highlighted line is sure to work properly.

Ilya Bizyaev
May 8, 2015, 1:34:46 PM
to cryptop...@googlegroups.com
Oh, I have found this line in the source code, and it says:
throw InvalidArgument("HMAC: can only be used with a block-based hash function");
Isn't PKCS5_PBKDF2_HMAC block-based?

Ilya Bizyaev
May 8, 2015, 1:36:42 PM
to cryptop...@googlegroups.com
The previous message is wrong, as the hash function that causes the problem is CRC32. Searching for a replacement...

Ilya Bizyaev
May 8, 2015, 1:39:36 PM
to cryptop...@googlegroups.com
Using SHA-1 fixed the problem.

Jean-Pierre Münch
May 8, 2015, 2:08:32 PM
to cryptop...@googlegroups.com
Please don't use SHA-1 for anything but non-cryptographic purposes.
Rather use SHA-256 (on 32-bit target platforms) or SHA-512 (on 64-bit target platforms).

BR

JPM

On 08.05.2015 at 19:39, Ilya Bizyaev wrote:
> Using SHA-1 fixed the problem.

Ilya Bizyaev
May 8, 2015, 2:41:55 PM
to cryptop...@googlegroups.com
OK, but I'll have to check bit width of the processor.

Jean-Pierre Münch
May 8, 2015, 2:48:55 PM
to cryptop...@googlegroups.com


On 08.05.2015 at 20:41, Ilya Bizyaev wrote:
> OK, but I'll have to check bit width of the processor.
>
You don't even have to check the bit width of the processor.
If you plan to deploy to end-user PCs it certainly is 64-bit, and if not,
it's certainly 32-bit: most smartphones, most embedded devices and all
GPUs use 32-bit (or less).

BR

JPM

Ilya Bizyaev
May 8, 2015, 3:02:44 PM
to cryptop...@googlegroups.com
I'm afraid I don't understand what you mean... Should I use SHA-256 everywhere?

Jean-Pierre Münch
May 8, 2015, 3:07:53 PM
to cryptop...@googlegroups.com


On 08.05.2015 at 21:02, Ilya Bizyaev wrote:
> I'm afraid I don't understand what you mean... Should I use SHA-256 everywhere?
>

If you plan for your application to be used on modern Windows/Mac/Linux
machines, you should go with SHA-512, as they all have 64-bit
processors (with high probability).
If you plan for your application to be used on GPUs, smartphones or
embedded devices, SHA-256 is your algorithm.

BR

JPM

Ilya Bizyaev
May 9, 2015, 1:02:51 PM
to cryptop...@googlegroups.com
OK, I'll use SHA-512 then.
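As an added worked example for this thread (not Ilya's code and not Crypto++'s own), here is the PBKDF2-HMAC computation that the PKCS5_PBKDF2_HMAC::DeriveKey call in the DeriveKey function above performs, with SHA-512 as the PRF as Jean-Pierre recommends, cross-checked against Python's hashlib, and with a check that the password's text encoding (the posted code used UTF-32) changes the derived key. The salt, the iteration counts and the function names are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed, fixed salt so the example repeats; real code uses os.urandom(16).
SALT = bytes(range(16))

def pbkdf2_hmac(hash_name: str, password: bytes, salt: bytes,
                iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 8018 s5.2) written out from HMAC-<hash_name>.
    DK = T_1 || T_2 || ... truncated to dklen, T_i = U_1 ^ ... ^ U_c,
    U_1 = HMAC(P, S || INT_32BE(i)), U_j = HMAC(P, U_{j-1}).
    The password keys the HMAC, so the hash must be block-based
    (SHA-256/SHA-512); CRC32, as in the first DeriveKey above, cannot key an HMAC."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    prf = hmac.new(password, digestmod=hash_name)  # keyed once, copied per use
    hlen = prf.digest_size
    out = bytearray()
    for i in range(1, -(-dklen // hlen) + 1):      # ceil(dklen / hlen) blocks
        u = prf.copy()
        u.update(salt + struct.pack(">I", i))
        u = u.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            m = prf.copy()
            m.update(u)
            u = m.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return bytes(out[:dklen])

def derive_key(password: str, salt: bytes, *, iterations: int = 600_000,
               dklen: int = 16, hash_name: str = "sha512",
               encoding: str = "utf-8") -> bytes:
    """Text password -> dklen-byte key (the role of DeriveKey in the thread).
    The text encoding is key material: the posted code fed UTF-32 to Crypto++,
    and UTF-8 vs UTF-32 encodings of one string give different keys, so fix and
    record the encoding together with the salt and iteration count."""
    if len(salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")
    return pbkdf2_hmac(hash_name, password.encode(encoding), salt, iterations, dklen)

def matches_stdlib(hash_name: str, password: bytes, salt: bytes,
                   iterations: int, dklen: int) -> bool:
    """Cross-check the hand-written PBKDF2 against hashlib's C implementation."""
    return (pbkdf2_hmac(hash_name, password, salt, iterations, dklen)
            == hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen))
```

The default of 600,000 iterations is a deliberate contrast to the single iteration in the posted call; the cross-check calls use small counts only to keep them fast.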