Re: chaining multiple key derivation functions together

[Colin Percival <cperciva@tarsnap.com>]

On 03/23/15 20:04, Maricel Gregoraschko wrote:
> I was looking at PBKDF2, bcrypt and scrypt as options for key derivation; and
> would like to try using them all together in order to get the cryptographic
> strength of the strongest one (which seems to be scrypt so far unless
> something novel is discovered, but the assumption is that it is not known
> which one is the strongest).

That assumption is incorrect.

> [...]
> So basically the 3 kdfs are applied in parallel, and the resulting keys are
> concatenated and then hashed together. What do you guys think about this one?
> Is this obviously superior to just applying the multiple kdf "in series"?

Computing several KDF functions in parallel or in series and combining them
makes no difference to an attacker; parallel may be more convenient for real
users since it may produce results faster by using multiple CPUs.

Either way is weaker than making a single scrypt call with larger parameters.

> Also, I haven't looked at the sources of the scrypt utility yet, is it
> straightforward to take the source files from there to use scrypt as a
> function call from another program? Or is there a scrypt library specifically
> for that?

It's straightforward to extract the source code files you need.  I think
someone was working on libraryizing scrypt but I can't remember if it was
ever finished; and for such a small amount of code I would just import the
source code into your program anyway.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid