pp108 : Process Platform Password Hashing Mechanism through PBKDF2

Process Platform Password Hashing Mechanism through PBKDF2

The PBKDF2 (Password-Based Key Derivation Function) is a password hashing algorithm is part of RSA Public-Key Cryptography Standards (PKCS), which is also published as an RFC 2898. Many hashing algorithms used for password storage, such as MD5 and SHA1, are designed for fast computation and therefore are not very effective in preventing password cracking, especially with techniques like rainbow table. The use of key derivation algorithms to construct password hashes reduce the rate at which passwords can be tested. For a list of systems that use PBKDF2, refer to PBKDF2.

Algorithm specification

The input parameters of the PBKDF2 are as explained below:

DK = PBKDF2(PRF, Password, Salt, C, mkLen)

Where:

DK  is the derived key.

PRF is the pseudo random function. For example: HMAC.

Password is the password of the user.

Salt is the random data used as an additional input to the key derivation function. Using Salt makes it impossible for an attacker to reuse pre-computed hashes against multiple passwords (refer to Cryptographic Salt for more information). Furthermore, using Salt results in different hash values for the same password.

C is the number of times the PRF iterates to generate MK.

mkLen is the desired length of the generated key.

The main purpose of the iteration count (C) is to increase the amount of computation needed to derive a key from a password. While this increases the workload of dictionary attacks, it also increases the authentication time of a legitimate user. For more information on how to set the iteration count, refer to OWASP password storage cheat sheet and  NIST recommendation for password-based key derivation.

The iteration count and the desired length of the derived key can be set with the following properties:

bus.authenticator.cars.password.algorithm.PBKDF2WithHmacSHA1.iterations

Default number of iterations is 64,000 in 2012, doubling every two years. When the above property is set, the iteration count is fixed to the given value; otherwise, the algorithm adapts the iteration count over time.