Scribd
Upload
608 views

Key Stretching

Key stretching techniques are used to strengthen weak passwords by making password cracking attempts slower. It works by feeding a password into an algorithm that takes a constant time, such as one second, to run on a typical computer. This stretches the password into a longer "enhanced key" that is more secure against brute force attacks. While it does not prevent dictionary attacks, it significantly increases the workload for attackers by forcing them to run the stretching algorithm for each attempted password. However, hardware implementations may allow faster cracking, so the stretching needs to be adjusted over time to maintain security levels.

Uploaded by

Abinaya Thulasirajan
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
608 views

Key Stretching

Key stretching techniques are used to strengthen weak passwords by making password cracking attempts slower. It works by feeding a password into an algorithm that takes a constant time, such as one second, to run on a typical computer. This stretches the password into a longer "enhanced key" that is more secure against brute force attacks. While it does not prevent dictionary attacks, it significantly increases the workload for attackers by forcing them to run the stretching algorithm for each attempted password. However, hardware implementations may allow faster cracking, so the stretching needs to be adjusted over time to maintain security levels.

Uploaded by

Abinaya Thulasirajan
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 2

Key stretching If the attacker uses the same class of

hardware as the user, each guess will take


In cryptography, key stretching refers to the same amount of time to process as it
techniques used to make a possibly weak took the user (for example, one second).
key, typically a password or passphrase, Even if the attacker has much greater
more secure against a brute force attack by computing resources than the user, the key
increasing the time it takes to test each stretching will still slow the attacker down,
possible key. Passwords or passphrases since the user's computer only has to
created by humans are often short or compute the stretching function once upon
predictable enough to allow password the user entering his/her password, whereas
cracking. Key stretching makes such attacks the attacker must compute it for every guess
more difficult. in the attack.

Key stretching is sometimes referred to as There are several ways to perform key
"key strengthening", although the latter term stretching. A cryptographic hash function or
originally referred to another technique with a block cipher may be repeatedly applied in
significantly different security and a loop (see pseudo code below). In
performance properties applications where the key is used for a
cipher, the key schedule (key set-up) in the
Key stretching techniques generally work as cipher may be modified so that it takes one
follows. The initial key is fed into an second to perform.
algorithm that, running on a given speed of
processor, takes a known constant time to A related technique, salting, protects against
apply. The algorithm is constructed so that time-memory tradeoff attacks and is often
the delay introduced is acceptable to most used in conjunction with key stretching.
users, say one second on a typical personal
computer. The output is the enhanced key. Hash based key stretching
The enhanced key should be of sufficient
size to make it unfeasible to break by brute Simple key stretching method:
force (e.g. at least 128 bits). The overall
algorithm used should be secure in the sense key = hash(password)
that there should be no known way of taking for 1 to 65000 do
a shortcut that would make it possible to key = hash(key)
calculate the enhanced key in less time (less
processor work) than by using the key Even better method with a salt. ("+" denotes
stretching algorithm itself. the operation of concatenation):

The key stretching process leaves the key = hash(password + salt)


attacker with two options: either try every for 1 to 65000 do
possible combination of the enhanced key key = hash(key)
(infeasible if the enhanced key is long
enough), or else try likely combinations of Or even:
the initial key. In the latter approach, if the
initial key is a password or a passphrase, key = hash(password + salt)
then the attacker would first try every word for 1 to 65000 do
in a dictionary or common password list and key = hash(key + salt)
then try all character combinations for
longer passwords. Key stretching does not
prevent this approach, but the attacker has to
spend much more time on each attempt.
Strength and time at less than 100$ price points[3], it follows
that an attacker can build a fully unrolled
For these examples assume that the slowest hardware cracker for about 5000$. Such a
personal computers in use today (2011) can design, if clocked at 100MHz can try about
do about 65000 SHA-1 hashes in one second 300.000 keys/second for the algorithm
using compiled code[dubious – discuss]. Thus a proposed above. The attacker is free to
program that uses key stretching can use choose a good price/speed compromise, for
65000 rounds of hashes and delay the user example a 150.000 keys/second design for
for at most one second. 2500$. It's worth noting that the key
stretching still slows down the attacker in
Testing a trial password or passphrase such a situation, i.e. a 5000$ design
typically requires one hash operation. But if attacking a straight SHA-1 hash would be
key stretching was used, the attacker must able to try 300.000*2^16 = 20 billion
compute a strengthened key for each key keys/second.
they test, meaning there are 65000 hashes to
compute per test. This increases the History
attacker's workload by a factor of 65000,
approximately 216 operations, which means The first deliberately-slow password-based
the enhanced key is "worth" about an key derivation function was called
additional 16 bits in key strength. "CRYPT" and was invented by Robert
Morris during the 1980s for encrypting Unix
The commonly accepted Moore's law states passwords. It used an iteration count of 25, a
that computer speed doubles about every 1.5 12-bit salt and a variant of DES as the sub-
years. Under this assumption, every 1.5 function. (DES proper was avoided in an
years one more bit of key strength is attempt to frustrate attacks using standard
plausibly brute-forcible. This implies that 16 DES hardware.) It also limited passwords to
extra bits of strength is worth about 16×1.5 a maximum of eight ASCII characters.
= 24 years later cracking, but it also means While it seemed a great advance at the time,
that the number of key stretching rounds a CRYPT(3) is now considered inadequate.
system uses should be doubled about every The iteration count, designed for the PDP-11
1.5 years to maintain the same level of era, is too low, 12 bits of salt is an
security. (Since most keys are more secure inconvenience but does not stop
than necessary, systems that require precomputed dictionary attacks, and the 8
consistent deterministic key generation will character limit prevents the use of stronger
likely not update the number of iterations passphrases.
used in key stretching. In such a case, the
designer should take into consideration how Modern password-based key derivation
long they wish for the key derivation system functions, such as PBKDF2 (specified in
to go unaltered and should choose an RFC 2898), use a cryptographic hash, such
appropriate number of hashes for the as MD5 or SHA1, more salt (e.g. 64 bits)
lifespan of the system.) and a high iteration count (often 1000 or
more). There have been proposals [1] to use
An important consideration to be made is algorithms that require large amounts of
that CPU-bound hash functions are still computer memory and other computing
vulnerable to hardware implementations. resources to make custom hardware attacks
For example, the literature provides efficient more difficult to mount.
hardware implementations of SHA-1 in as
low as 5000 gates, and able to produce a In 2009, a new key strengthening algorithm,
result in less than 400 clock cycles[2]. Since scrypt, was introduced that demands large
multi-million gate FPGAs can be purchased amounts of memory

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy