Talk:Key derivation function

Cryptography: Computer science Start‑class

This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography Start This article has been rated as Start-class on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the importance scale. This article is supported by WikiProject Computer science.

Computing: Security C‑class Low‑importance

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing C This article has been rated as C-class on Wikipedia's content assessment scale. Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computer security. Things you can help WikiProject Computer security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

I agree the following is a correct statement:

Modern password-based key derivation functions, such as PBKDF2 (specified in RFC 2898), use a cryptographic hash, such as MD5 or SHA1, more salt (e.g. 64 bits) and a high iteration count (often 1000 or more).

However, I feel mentioning MD5 is an implicit approval of the algorithm. MD5 was broken some time ago, and its often available for compatibility only. For example, MD5 is banned from US Federal use except in some compatibility cases such as use in SSL/TLS as part of pseudorandom number generator component. Additionally, others, such as the author of md5crypt, has stated the algorithm is broken, should not be used, and the program is at End of Life.

Would it be possible to yank references to MD5 that sound like an endorsement? In its place, mention Whirlpool, which is NESSIE and ISO/IEC approved. More importantly, the SHA-2 family and Whirlpool's security properties are in tact.

It is not the purpose of wikipedia to define new standards, to revise existing protocols or to make endorsements. Doing this is the goal of a standardization process. What wikipedia should do is to report on existing standards and give references to attacks and criticism. E.g., a reader who wants to know if the weaknesses of MD5 decrease the security of PBKDF2 with MD5 might be interested in research papers about the topic or recommendations from the crypto community. However, you can't just go and express your opinion. Hence, the text you quote is OK, since RFC 2898 does explicitely mention MD5 and SHA1, but not Whirlpool. Furthermore, MD5 and SHA1 are indeed currently used in practice. So the text does reflect the current state. Generally all statements on wikipedia should be verifiable. E.g., your recent change that salts should be 128 bit long are the same as NIST SP 800-132 Section 5.1, but without a reference such a claim on wikipedia is of little help. 178.195.225.28 (talk) 05:43, 16 July 2012 (UTC)[reply]