pbkdf2

PBEKeySpec what do the iterationCount and keyLength parameters influence?

帅比萌擦擦* submitted on 2019-12-03 05:50:15
Delving into the Java encryption and hashing world I see examples of the constructor for the PBEKeySpec class with various values for the iterationCount and the keyLength parameters. Nothing seems to explain what these parameters impact or mean. I am assuming that keyLength is how long the key is so 32 bit encryption would take a value of 32 for the key length, but that assumption feels wrong. My guess for the iterationCount is the number of times each char is encrypted, again not feeling the love on that assumption either. Links to info or an explanation are appreciated. The iteration count

Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt

巧了我就是萌 submitted on 2019-12-03 01:23:25
Question: I've been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is secure enough to avoid switching to another method. In my current application I have opted for a PBKDF2 implementation utilising sha2-512 and a minimum of 1000 iterations. Can I ask for opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change? Answer 1: You're good with PBKDF2, no need to jump to

PasswordDeriveBytes vs Rfc2898DeriveBytes, Obsolete but way faster

心不动则不痛 submitted on 2019-12-02 19:16:37
I'm working on an encryption functionality based on classes inherited from SymmetricAlgorithm such as TripleDes, DES, etc. Basically there're two options to generate consistent key and IV for my algorithm class, PasswordDeriveBytes and Rfc2898DeriveBytes, both inherit from DeriveBytes abstract class. The PasswordDeriveBytes.GetBytes() method is marked as obsolete in .NET framework while Rfc2898DeriveBytes.GetBytes() is recommended, as it matches the PBKDF2 standard. However, based on my testing, calling the same GetBytes() method in Rfc2898DeriveBytes class is almost 15 times slower than that

SALT and HASH using pbkdf2

折月煮酒 submitted on 2019-12-02 16:18:57
I am using the following methods to create a salted and hashed password from the crypto lib in nodejs: crypto.randomBytes(size, [callback]) crypto.pbkdf2(password, salt, iterations, keylen, callback) For the randomBytes call (creating the SALT) what size should I use? I have heard 128-bit salts, maybe up to 256-bit. It looks like this function uses a size in bytes so can I assume a size of 32 (256 bits) is sufficient? For the pbkdf2 call, what is a good number of iterations and what is a good length for the key (keylen)? Also, for storage I have seen examples of storing the salt, length,

Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt

放肆的年华 submitted on 2019-12-02 14:44:54
I've been reading about the Gawker incident and several articles have cropped up regarding only using bcrypt to hash passwords and I want to make sure my hashing mechanism is secure enough to avoid switching to another method. In my current application I have opted for a PBKDF2 implementation utilising sha2-512 and a minimum of 1000 iterations. Can I ask for opinions on using PBKDF2 vs Bcrypt and whether or not I should implement a change? You're good with PBKDF2, no need to jump to bcrypt. Although, the recommendation to use 1000 iterations was made in year 2000, now you'd want much more.

PBKDF2 Excel UDF and how to concatenate INT(i)

不打扰是莪最后的温柔 submitted on 2019-12-02 10:50:58
Recently I have been digging into cryptography and getting hashing and encryption functions working in Excel which I might use in a project I am working on. I got simple hashing functions working using, for example: Function Hash(ByVal plainText As String) Dim utf8Encoding As Object Dim hashManager As Object Dim hashBytes() As Byte Set utf8Encoding = CreateObject("System.Text.UTF8Encoding") Set hashManager = CreateObject("System.Security.Cryptography.SHA512Managed") hashBytes = utf8Encoding.GetBytes_4(plainText) hashBytes = hashManager.ComputeHash_2(hashBytes) Hash = Encode(hashBytes, edHex)

Crypto++ pbkdf2 output is different than Rfc2898DeriveBytes (C#) and crypto.pbkdf2 (JavaScript)

天大地大妈咪最大 submitted on 2019-12-01 05:28:52
So I'm trying to use PBKDF2 to derive a key given a base64 string of 256bits. I am able to use C#'s Rfc2898DeriveBytes and node-crypto's pbkdf2 to derive the same key, however, I can't say the same for C++. I'm not sure if I'm doing wrong conversions or using the functions improperly, but I'll let you guys look at it. C++ /* 256bit key */ string key = "Y1Mjycd0+O+AendY5pB58JMlmS0EmBWgjdj2r2KW6qQ="; string decodedKey; StringSource(key, true, new Base64Decoder(new StringSink(decodedKey))); const byte* keyByte = (const byte*) decodedKey.data(); /* Generate IV */ /* AutoSeededRandomPool prng; byte

Crypto++ pbkdf2 output is different than Rfc2898DeriveBytes (C#) and crypto.pbkdf2 (JavaScript)

≯℡__Kan透↙ submitted on 2019-12-01 02:23:49
Question: So I'm trying to use PBKDF2 to derive a key given a base64 string of 256bits. I am able to use C#'s Rfc2898DeriveBytes and node-crypto's pbkdf2 to derive the same key, however, I can't say the same for C++. I'm not sure if I'm doing wrong conversions or using the functions improperly, but I'll let you guys look at it. C++ /* 256bit key */ string key = "Y1Mjycd0+O+AendY5pB58JMlmS0EmBWgjdj2r2KW6qQ="; string decodedKey; StringSource(key, true, new Base64Decoder(new StringSink(decodedKey)));

Password Hashing in 2013

China☆狼群 submitted on 2019-11-30 23:56:12
What is the "best" solution these today? This seems a good option: https://defuse.ca/php-pbkdf2.htm But then how about upgrading to PHP5.5 and using this? http://php.net/manual/en/function.hash-pbkdf2.php Curious as to why the PHP site states: Caution The PBKDF2 method can be used for hashing passwords for storage (it is NIST approved for that use). However, it should be noted that CRYPT_BLOWFISH is better suited for password storage and should be used instead via crypt(). For PHP versions less than 5.5 would it be fair to use the defuse.ca solution, and then just switch it out after upgrading

What does PKCS5_PBKDF2_HMAC_SHA1 return value mean?

♀尐吖头ヾ submitted on 2019-11-30 21:54:42
I'm attempting to use OpenSSL's PKCS5_PBKDF2_HMAC_SHA1 method. I gather that it returns 0 if it succeeds, and some other value otherwise. My question is, what does a non-zero return value mean? Memory error? Usage error? How should my program handle it (retry, quit?)? Edit: A corollary question is, is there any way to figure this out besides reverse-engineering the method itself? is there any way to figure this out besides reverse-engineering the method itself? PKCS5_PBKDF2_HMAC_SHA1 looks like one of those undocumented functions because I can't find it in the OpenSSL docs. OpenSSL has a lot