[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

chaining multiple key derivation functions together



Hi,
I was looking at PBKDF2, bcrypt and scrypt as options for key derivation; and would like to try using them all together in order to get the cryptographic strength of the strongest one (which seems to be scrypt so far unless something novel is discovered, but the assumption is that it is not known which one is the strongest).
 My first thought was to apply the first kdf to the password, then apply the second kdf to the obtained key (using it as the second password), and then the third. Is there something inherently wrong with this?
I saw a different approach posted by user perseids here:
http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html
I quote: "Derive p_1 = HMAC(Salt1+"PBKDF2") with key sha256(p), p_2 = HMAC(Salt2+"bcrypt") with key sha1(p) and p_3 = HMAC(Salt3+ "scrypt") with key sha1(p). Derive key k1, k2 and k3 by using the key derivation function PBKDF2, bcrypt and scrypt respectively, each of them using 1/30 seconds CPU time with input p_1, p_2 and p_3 respectively. Compute the key (or database reference entry) as sha256(k1+k2+k3). Here "+" designates the concatenation of byte arrays. "
So basically the 3 kdfs are applied in parallel, and the resulting keys are concatenated and then hashed together. What do you guys think about this one? Is this obviously superior to just applying the multiple kdf "in series"?
Also, I haven't looked at the sources of the scrypt utility yet, is it straightforward to take the source files from there to use scrypt as a function call from another program? Or is there a scrypt library specifically for that?
Thank you!