==Alternatives to PBKDF2==
One weakness of PBKDF2 is that while its number of iterations can be adjusted to make it take an arbitrarily large amount of computing time, it can be implemented with a small circuit and very little RAM, which makes brute-force attacks using [[application-specific integrated circuit]]s or [[graphics processing unit]]s relatively cheap.<ref name="percival2009">[[Colin Percival]]. [http://www.tarsnap.com/scrypt.html scrypt]. As presented in [http://www.tarsnap.com/scrypt/scrypt.pdf "Stronger Key Derivation via Sequential Memory-Hard Functions"]. Presented at BSDCan'09, May 2009.</ref> The [[bcrypt]] password hashing function requires a larger amount of RAM (but still not tunable separately, i.e. fixed for a given amount of CPU time) and is significantly stronger against such attacks,<ref>{{cite web|url=http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds |title=New 25 GPU Monster Devours Passwords In Seconds |publisher=The Security Ledger |date=2012-12-04 |access-date=2013-09-07}}</ref> while the more modern [[scrypt]] key derivation function can use arbitrarily large amounts of memory and is therefore more resistant to ASIC and GPU attacks.<ref name="percival2009" />

In 2013, the [[Password Hashing Competition]] (PHC) was held to develop a more resistant approach. On 20 July 2015, [[Argon2]] was selected as the final PHC winner, with special recognition given to four other password hashing schemes: Catena, [[Lyra2]], [[yescrypt]] and Makwa.<ref>[https://password-hashing.net "Password Hashing Competition"]</ref> Another alternative is [[Balloon hashing]], which is recommended in [[password policy#NIST guidelines|NIST password guidelines]].<ref>{{cite web|website=NIST |id=SP{{nbsp}}800-63B |title=Digital Identity Guidelines Authentication and Lifecycle Management Section 5.1.1.2 |url=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf|access-date=June 18, 2021}}</ref>

To limit a [[brute-force attack]], it is possible to make each password attempt require an online interaction, without harming the confidentiality of the password. This can be done using an [[oblivious pseudorandom function]] to perform [[oblivious pseudorandom function#Password-based key derivation|password hardening]].<ref>{{cite book |last1=Ford |first1=W. |last2=Kaliski |first2=B. S. |chapter=Server-assisted generation of a strong secret from a password |title=Proceedings IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 2000)|date=2000 |pages=176–180 |doi=10.1109/ENABL.2000.883724 |isbn=0-7695-0798-0 |s2cid=1977743 |chapter-url=https://ieeexplore.ieee.org/document/883724}}</ref> This can be done as an alternative to, or as an additional step in, a PBKDF.
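
The contrast drawn above between PBKDF2's iteration-only cost and scrypt's tunable memory cost can be seen with Python's standard `hashlib`. This is an added example, not part of the article; the helper names, salts, passwords and parameter values are constructed for illustration.

```python
import hashlib

def scrypt_memory_bytes(n: int, r: int) -> int:
    """Dominant scrypt memory term: the V array of n blocks, 128*r bytes each."""
    return 128 * n * r

def derive_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2 has one cost knob (iterations); its working memory stays tiny.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def derive_scrypt(password: bytes, salt: bytes, n: int, r: int, p: int,
                  maxmem: int = 0) -> bytes:
    # n and r set the memory cost, p the parallelism; maxmem=0 keeps the
    # library default ceiling (32 MiB in OpenSSL).
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)

def scrypt_fits(n: int, r: int, p: int, budget_bytes: int) -> bool:
    """True if scrypt(n, r, p) can be evaluated within budget_bytes of RAM."""
    try:
        derive_scrypt(b"probe", b"constructed-salt", n, r, p, maxmem=budget_bytes)
        return True
    except ValueError:  # hashlib rejects parameters that exceed maxmem
        return False

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed; use os.urandom(16) per password
    print("pbkdf2:", derive_pbkdf2(b"hunter2", salt, 100_000).hex())
    print("scrypt:", derive_scrypt(b"hunter2", salt, 2**14, 8, 1).hex())
    for n in (2**10, 2**12, 2**14):
        need = scrypt_memory_bytes(n, 8)
        for budget in (1 << 20, 1 << 25):
            print(f"n={n:6d} needs ~{need >> 10} KiB, "
                  f"budget {budget >> 20} MiB: fits={scrypt_fits(n, 8, 1, budget)}")
```

Raising `n` or `r` increases the memory every guess must allocate, whereas raising the PBKDF2 iteration count only increases time.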