Small knowledge, big challenge! This paper is participating in theEssentials for programmers”Creative activities

[toc]

Introduction to the

1Password is a very excellent password management software, with it you can easily manage your password, so as not to worry about the problem of password leakage, according to the official introduction of 1Password, its underlying use PBKDF2 algorithm to encrypt passwords.

So who is PBKDF2? What is it about 1Password that makes it so appealing? Take a look.

PBKDF2 and PBKDF1

PBKDF stands for Password-based Key Function. In a nutshell, PBKDF is the Derivation of the Derivation of passwords. If you have PBKDF2 you have to have PBKDF1, so what’s the difference between the two?

PBKDF2 is a standard in the PKCS family. Specifically, it is version 2.0 of PKCS#5, also released as RFC 2898. It’s a substitute for PBKDF1, why would it replace PBKDF1? That’s because PBKDF1 can only generate 160bits of key, which can no longer meet our encryption needs with the rapid development of computer performance today. So it’s replaced by PBKDF2.

In RFC 8018 (PKCS #5 V2.1) released in 2017, PBKDF2 is suggested as the standard for cryptographic hashing.

PBKDF2 and PBKDF1 are designed to prevent brute force cracking, so automatic adjustment of computing power is included in the design to prevent brute force cracking.

Workflow of PBKDF2

PBKDF2 actually applies pseudorandom Function PRF (Pseudorandom Function) to the input password and salt, generates a hash value, and then applies the hash value as an encryption key to the subsequent encryption process, and so on, repeats this process for many times. This makes password cracking more difficult, a process also known as password hardening.

Let’s look at a standard PBKDF2 working flow chart:

Can be seen in the figure, the initial password with the salt after the operation of the PRF generates a key, and then the key as the input of the next encryption and password again after PRF operation, generates subsequent key, so repeated many times, the generated key do exclusive or operation, to generate the final T, then combine these the resulting T, Generate the final password.

According to the 2000 recommendations, it is generally safe to do this more than 1,000 times. Of course, this number will also change as the CPU’s computing power increases. This number can be adjusted according to the requirements of safety.

With traversal, why add salt? Salt is added to prevent rainbow list attacks on passwords. This means that an attacker cannot pre-select the hash value for a particular password, which improves security because it cannot be predicted in advance. The standard salt length recommendation is 64bits, and the national institute of standards and technology recommends 128 bits.

Explain the key generation process of PBKDF2

In the previous section, we showed you how PBKDF2 works in an easy-to-understand way. In general, this layer is enough, but if you want to take a deeper look at the underlying principles of key generation for PBKDF2, keep an eye on this section.

PBKDF2 is a function that generates derived keys. As a function, there are inputs and outputs.

DK = PBKDF2(PRF, Password, Salt, c, dkLen)

Copy the code

PBKDF2 has 5 functions. Let’s see what each parameter means:

  • PRF is a pseudo-random hash function that can be replaced as needed, such as as an HMAC function.
  • Password is the primary Password used to generate a derived key.
  • A Salt is a sequence of bits used to Salt a password.
  • C is the number of cycles.
  • DkLen is the length of bits required by the generated key.
  • DK is the last generated derivative key.

In the previous section, we can see that the final derived key is actually composed of several parts. Each T in the figure above represents a part of the derived key. Finally, these T’s are combined to obtain the final derived key, and the formula is as follows:

DK = T1 + T2 +... + Tdklen/hlen Ti = F(Password, c, I)Copy the code

F above is the xor chain traversed c times. The formula is as follows:

F(Password, Salt, c, I) = U1 ^ U2 ^Copy the code

Among them:

U1 = PRF(Password, Salt + INT_32_BE(i))
U2 = PRF(Password, U1)
⋮
Uc = PRF(Password, Uc−1)
Copy the code

HMAC password collision

If PBKDF2’s PRF uses HMAC, some interesting questions will be sent. For HMAC, if the password length is larger than the acceptable length for HMAC, the password is first hashed, and the hash character string is used as the HMAC input.

For example, if the user enters a password like:

    Password: plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd
Copy the code

After an HMAC-SHA1 operation, the following equation can be obtained:

    SHA1 (hex): 65426b585154667542717027635463617226672a
Copy the code

Converting it to a string yields:

    SHA1 (ASCII): eBkXQTfuBqp'cTcar&g*
Copy the code

Therefore, if pbKDF2-HMAC-SHA1 encryption method is used, the following two passwords generate derived keys is the same.

    "plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd"
    "eBkXQTfuBqp'cTcar&g*"
Copy the code

The disadvantage of PBKDF2

PBKDF2 can increase the difficulty of password cracking by adjusting the number of loops. But it is possible to build special processors for it and use very little RAM to hack it. For this reason, cryptographic algorithms such as Bcrypt and Scrypt rely on large amounts of RAM, rendering those cheap ASIC processors useless.

conclusion

The above is a brief introduction to PBKDF2. If you want to know more about it, you can refer to my other articles on cryptography.

This article is available at www.flydean.com/41-pbkdf2/

The most popular interpretation, the most profound dry goods, the most concise tutorial, many tips you didn’t know waiting for you to discover!

Welcome to pay attention to my public number: “procedures those things”, understand technology, more understand you!