Comments on SP800-108

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue May 6 03:06:15 EDT 2008


Jack Lloyd <lloyd at randombit.net> writes:

>As a standard, this is specification is a disaster.

Somewhat more strongly worded than my comments :-), but I had the same
feeling: Why yet another bunch of arbitrary PRF/KDFs to implement?  We now
have ones for SSL, for TLS, for SSH, for IKE, for PGP, for S/MIME, for... well
I don't know every crypto protocol in existence but I'm sure there's plenty
more.  What's wrong with PBKDF2, which seems to do the job quite nicely?
Whoever dies with the most KDFs wins?

There just doesn't seem to be any reason for this document to exist except
NIH.  PBKDF2 is a well-specified KDF, is relatively easy to implement (and
implement in an interoperable manner), has been around for years, and has
numerous interoperable implementations, including OSS ones if you don't want
to implement it yourself.  What's the point of SP800-108?  What
requirement/demand is this meeting?

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list