Password-based key derivation functions (KDFs) are used to generate secure keys of arbitrary length implemented in many security-related systems. The strength of these KDFs is the ability to provide countermeasures against brute-force/dictionary attacks. One of the most implemented KDFs is PBKDF2. In order to slow attackers down, PBKDF2 uses a salt and introduces computational intensive operations based on an iterated pseudorandom function. Since passwords are widely used to protect personal data and to authenticate users to access specific resources, if an application uses a small iteration count value, the strength of PBKDF2 against attacks performed on low-cost commodity hardware may be reduced. In this paper we introduce the cryptographic algorithms involved in the key derivation process, describing the optimization techniques used to speed up PBKDF2-HMAC-SHA1 in a GPU/CPU context. Finally, a testing activity has been executed on consumer-grade hardware, and experimental results are reported.
Understanding Optimizations and Measuring Performances of PBKDF2 / A.F. Iuorio, A. Visconti (LECTURE NOTES ON DATA ENGINEERING AND COMMUNICATIONS TECHNOLOGIES). - In: 2nd International Conference on Wireless Intelligent and Distributed Environment for Communication / [a cura di] I. Woungang, S.K. Dhurandher. - [s.l] : Springer, 2019. - ISBN 9783030114367. - pp. 101-114 (( Intervento presentato al 2. convegno International Conference on Wireless Intelligent and Distributed Environment for Communication tenutosi a Toronto nel 2018 [10.1007/978-3-030-11437-4_8].
Understanding Optimizations and Measuring Performances of PBKDF2
A. Visconti
2019
Abstract
Password-based key derivation functions (KDFs) are used to generate secure keys of arbitrary length implemented in many security-related systems. The strength of these KDFs is the ability to provide countermeasures against brute-force/dictionary attacks. One of the most implemented KDFs is PBKDF2. In order to slow attackers down, PBKDF2 uses a salt and introduces computational intensive operations based on an iterated pseudorandom function. Since passwords are widely used to protect personal data and to authenticate users to access specific resources, if an application uses a small iteration count value, the strength of PBKDF2 against attacks performed on low-cost commodity hardware may be reduced. In this paper we introduce the cryptographic algorithms involved in the key derivation process, describing the optimization techniques used to speed up PBKDF2-HMAC-SHA1 in a GPU/CPU context. Finally, a testing activity has been executed on consumer-grade hardware, and experimental results are reported.File | Dimensione | Formato | |
---|---|---|---|
2019-161_IACR.pdf
accesso riservato
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
955.09 kB
Formato
Adobe PDF
|
955.09 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.