deriving multiple keys from one passphrase

Travis H. travis+ml-cryptography at
Thu Feb 1 16:01:00 EST 2007

Hey, quick question.

If one wants to have multiple keys, but for ease-of-use considerations
want to only have the user enter one, is there a preferred way to
derive multiple keys that, while not independent, are "computationally

I was thinking of hashing the passphrase with a unique string for each
one; is this sufficient?  If sufficient, is a cryptographically strong
hash necessary?

I got a clarification about the "use CRCs to process passphrase" idea
someone mentioned.  The salient bit is that he was using several CRCs
(not sure if it's random or carefully chosen), and each one is run on
the passphrase, and the output of all of them concatenated to
initialize a PRNG seed.  The passphrase and seed are both secret, so
according to him there's no need to use a cryptographically strong
hash, and CRCs have a well-understood mathematical basis.

I presume this would be insufficient for deriving independent keys,
but perhaps there is a way to do that with careful selection of the
CRC polys?

The driving force behind innovation is sublimation.
-><- <URL:>
For a good time on my UBE blacklist, email john at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL: <>

More information about the cryptography mailing list