expanding a password into many keys
Hal Finney
hal at finney.org
Mon Jun 13 23:27:16 EDT 2005
Ian Grigg wrote:
> I'd like to take a password and expand it into
> several keys. It seems like a fairly simple operation
> of hashing the concatonatonation of the password
> with each key name in turn to get each key.
The recommended technique I've seen for this (I think David Wagner
suggested it on sci.crypt years ago) is to use a MAC:
key = MAC (password, keyname)
The security property of a MAC is that you can get as many messages MAC'd
as you want, and you won't be able to guess a MAC on any new messages.
That's exactly what you want here, that an attacker can learn keys when he
knows or chooses keynames, but be unable to guess any keys for any other
keynames. It's a good fit to the security requirements for your problem.
Hal Finney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list