[Cryptography] Key stretching
John Kelsey
crypto.jmk at gmail.com
Fri Oct 11 15:30:04 EDT 2013
AES128, rather.
Sent from my iPhone
On Oct 11, 2013, at 11:26 AM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> All,
>
> Quick question, anyone got a good scheme for key stretching?
>
> I have this scheme for managing private keys that involves storing them as encrypted PKCS#8 blobs in the cloud.
>
> AES128 seems a little on the weak side for this but there are (rare) circumstances where a user is going to need to type in the key for recovery purposes so I don't want more than 128 bits of key to type in (I am betting that 128 bits is going to be sufficient to the end of Moore's law).
>
>
> So the answer is to use AES 256 and stretch the key, but how? I could just repeat the key:
>
> K = k + k
>
> Related key attacks make me a little nervous though. Maybe:
>
> K = (k + 01234567) XOR SHA512 (k)
>
>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131011/16e0a2cb/attachment.html>
More information about the cryptography
mailing list