kdf – WindowsTechs.com

Searchable encryption for phone numbers

Posted on July 15, 2024 by Stefan van den Akker

I have a table in Postgres that stores phone numbers. Since phone
numbers are considered PII, I cannot store them as plaintext.
For other PII fields, I use AES-256-CBC. However, the requirements are that phone numbers are

part of a unique… Continue reading Searchable encryption for phone numbers→

Debug bcrypt iterations with a static salt [closed]

Posted on September 21, 2022 by Ghost Rider

I want to debug bcrypt rounds with a static salt using this python lib
import bcrypt
salt = bcrypt.gensalt(14)
password = b"foo"
foo_1_round = bcrypt.kdf(password, salt, desired_key_bytes=10, rounds=1)
foo_2_rounds_manually = bcr… Continue reading Debug bcrypt iterations with a static salt [closed]→

KDF vs hash function in loop for hashing password

Posted on September 20, 2022 by Ghost Rider

I’m trying to grasp which benefit can KDF like PBKDF2, scrypt and bcrypt (I know that bcrypt is technically not KDF) may bring over hashing in loop like sha256sum(sha256sum(sha256sum…..(salt + master password))) – N times, where N equals… Continue reading KDF vs hash function in loop for hashing password→

Key derivation for password manager backup?

Posted on May 6, 2022 by Fax

Backing up your password manager is a good idea in case your house burns down, but where do you store the password to the off-site backup?
Remembering the master password is easy, but re-using the master password directly for my off-site b… Continue reading Key derivation for password manager backup?→

Verify password before decrypting data

Posted on February 28, 2022 by Bernardo1r

I need to verify a password before decrypting the data. My encrypted data is too big and waiting to see if the authentication tag is correct is out of the question. I’m using Argon2id as my KDF. My question is, can I hash the derived key w… Continue reading Verify password before decrypting data→

SCrypt’s goal and the role its salt plays

Posted on February 17, 2022 by Neev Penkar

Am I right in stating that SCrypt as an algorithm is useful where many passwords are stored in a database, but not against one specific encryption key derived from one password of one user?
For example, let there be a password, a salt, and… Continue reading SCrypt’s goal and the role its salt plays→

Use PBKDF2 for both authentication and decryption on NodeJS

Posted on August 26, 2021 by vrtjason

I am using PBKDF2 on NodeJS to authenticate a user who submits username & password. To do this, when the user first registers, I generate a salt, I use 200000 iterations, I specify a key length of 32 bytes, and I use sha256 as the dige… Continue reading Use PBKDF2 for both authentication and decryption on NodeJS→

TLS 1.3 HKDF-Expand references to Hello messages

Posted on April 1, 2021 by Liam Kelly

I am looking into TLS 1.3 implementations and am a little confused about what is being referenced in the HKDF functions. Specifically the last argument in the Dervice_Secret wrapper function. From RFC 8446:
PSK -> = Early Secret
… Continue reading TLS 1.3 HKDF-Expand references to Hello messages→

Can a salt be a random ASCII string or be derived from one?

Posted on March 21, 2020 by villasv

I’m using a KDF (PBKDF2HMAC) to generate a Fernet key from a given password, but to do so I also need to generate and store a salt.

import base64
import os
from cryptography.fernet import Fernet
from cryptography.hazmat.ba… Continue reading Can a salt be a random ASCII string or be derived from one?→

Argon2id key derivation rate calculation question

Posted on December 30, 2019 by Bacon

Just wanted to know if this was an accurate way of determining how long it would take someone with an 8GB GPU to derive 1 million keys using some assumed parameters below:

Time per derivation………..: 3.5 seconds
Memory required per de… Continue reading Argon2id key derivation rate calculation question→