PBKDF2
== HMAC collisions ==
PBKDF2 has an interesting property when using HMAC as its pseudo-random function. It is possible to trivially construct any number of different password pairs with collisions within each pair.<ref>{{Cite web |url=https://mathiasbynens.be/notes/pbkdf2-hmac |title=PBKDF2+HMAC hash collisions explained |first=Mathias |last=Bynens |website=mathiasbynens.be}}</ref> If a supplied password is longer than the block size of the underlying HMAC hash function, the password is first pre-hashed into a digest, and that digest is instead used as the password. For example, the following password is too long:
* '''Password:''' <code>{{not a typo|plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd}}</code>
Therefore, when using HMAC-SHA1, it is pre-hashed using SHA-1 into:
* '''SHA1''' (hex): <code>65426b585154667542717027635463617226672a</code>
which can be represented in ASCII as:
* '''SHA1''' (ASCII): <code>eBkXQTfuBqp'cTcar&g*</code>

This means that, regardless of the salt or iterations, PBKDF2-HMAC-SHA1 will generate the same key bytes for the passwords:
* "plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd"
* "eBkXQTfuBqp'cTcar&g*"

For example, using:
* '''PRF''': HMAC-SHA1
* '''Salt:''' A009C1A485912C6AE630D3E744240B04
* '''Iterations:''' 1,000
* '''Derived key length:''' 16 bytes

The following two function calls:
<syntaxhighlight lang="python">
PBKDF2-HMAC-SHA1("plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd", ...)
PBKDF2-HMAC-SHA1("eBkXQTfuBqp'cTcar&g*", ...)
</syntaxhighlight>
will generate the same derived key bytes (<code>17EB4014C8C461C300E9B61518B9A18B</code>). These derived key collisions do not represent a security vulnerability, as one still must know the original password in order to generate the ''hash'' of the password.<ref>{{Cite web |url=https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure |title=Collision resistance - Why is HMAC-SHA1 still considered secure? |website=crypto.stackexchange.com}}</ref>
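
The collision described above can be reproduced with Python's standard library. This is an added example, not part of the original article; it goes beyond the SHA-1 case to show that the effect depends on the block size of the hash. The helper names are illustrative, and decoding the salt as hex bytes is an assumption.

```python
import hashlib

# HMAC block sizes in bytes for common PBKDF2 PRFs.
BLOCK_SIZE = {"sha1": 64, "sha256": 64, "sha512": 128}

# Values quoted in the section above.
LONG_PW = b"plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd"
SHORT_PW = b"eBkXQTfuBqp'cTcar&g*"
# Assumption: the salt shown in the section is hex-encoded bytes.
SALT = bytes.fromhex("A009C1A485912C6AE630D3E744240B04")


def effective_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """Return the key HMAC really uses: a password longer than the hash's
    block size is replaced by its digest, a shorter one is kept as-is."""
    if len(password) > BLOCK_SIZE[hash_name]:
        return hashlib.new(hash_name, password).digest()
    return password


def derive(password: bytes, hash_name: str = "sha1", salt: bytes = SALT,
           iterations: int = 1000, dklen: int = 16) -> bytes:
    """PBKDF2-HMAC with the section's parameters as defaults."""
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)


def collide(a: bytes, b: bytes, hash_name: str = "sha1") -> bool:
    """True when two distinct passwords yield the same derived key."""
    return a != b and derive(a, hash_name) == derive(b, hash_name)


if __name__ == "__main__":
    print("pre-hash equals short password:", effective_key(LONG_PW) == SHORT_PW)
    print("SHA-1 pair collides:", collide(LONG_PW, SHORT_PW))
    # The 65-byte password exceeds SHA-256's 64-byte block, so it collides
    # with its own SHA-256 digest when HMAC-SHA256 is the PRF.
    print("SHA-256 pair collides:",
          collide(LONG_PW, hashlib.sha256(LONG_PW).digest(), "sha256"))
    # SHA-512 has a 128-byte block: the same password is not pre-hashed,
    # so it does not collide with its own SHA-512 digest.
    print("SHA-512 pair collides:",
          collide(LONG_PW, hashlib.sha512(LONG_PW).digest(), "sha512"))
```

Because the substitution happens inside HMAC's key handling, the salt and iteration count passed to <code>derive</code> can be changed without affecting whether the pair collides.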