Using Spritz as a Password-Based Key Derivation Function
Even when combined with other techniques, passwords remain the main means of authentication in many services and systems. Attackers can usually test many passwords very quickly when standard hash functions are used, so dedicated password hashing algorithms have been designed to slow down brute-force attacks.
Spritz is a sponge-based stream cipher intended to be a drop-in replacement for RC4. It is more secure, more complex and more versatile than RC4. Since it is based on a sponge function, it can be employed for other applications like password hashing.
In this paper we build upon Spritz to construct a password hashing algorithm and study its performance and suitability.
Keywords: Password, PBKDF, Cryptography, Spritz, Hash
Research partially supported by the Spanish MINECO and FEDER under Project Grant TEC2014-54110-R.
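The sponge structure mentioned in the abstract is what makes this use possible: inputs are absorbed into the state, then output of any length is squeezed out. The Python sketch below is an added example, not the paper's algorithm. The `Spritz` class follows the Rivest and Schuldt specification for N = 256, while `password_hash`, its `cost` parameter (extra shuffles as sequential work) and the one-byte encoding of `cost` and `r` are assumptions made for illustration.

```python
N = 256  # Spritz state size (Rivest & Schuldt)

class Spritz:
    def __init__(self):
        self.i = self.j = self.k = self.z = self.a = 0
        self.w, self.S = 1, list(range(N))

    def _update(self):
        self.i = (self.i + self.w) % N
        self.j = (self.k + self.S[(self.j + self.S[self.i]) % N]) % N
        self.k = (self.i + self.k + self.S[self.j]) % N
        self.S[self.i], self.S[self.j] = self.S[self.j], self.S[self.i]

    def shuffle(self):  # Whip, Crush, Whip, Crush, Whip
        for crush in (True, True, False):
            for _ in range(2 * N):
                self._update()
            self.w = (self.w + 2) % N  # next w coprime to N = 2**8
            for v in range(N // 2 if crush else 0):  # Crush loses information
                if self.S[v] > self.S[N - 1 - v]:
                    self.S[v], self.S[N - 1 - v] = self.S[N - 1 - v], self.S[v]
        self.a = 0

    def absorb(self, data, stop=False):
        nibbles = [x for b in data for x in (b & 0x0F, b >> 4)]  # low first
        for x in nibbles + [None] * stop:  # None stands for AbsorbStop
            if self.a == N // 2:
                self.shuffle()
            if x is not None:
                h = N // 2 + x
                self.S[self.a], self.S[h] = self.S[h], self.S[self.a]
            self.a += 1

    def squeeze(self, r):
        if self.a > 0:
            self.shuffle()
        S, out = self.S, bytearray()
        for _ in range(r):
            self._update()
            self.z = S[(self.j + S[(self.i + S[(self.z + self.k) % N]) % N]) % N]
            out.append(self.z)
        return bytes(out)

def password_hash(password, salt, cost=8, r=32):
    s = Spritz()  # hypothetical construction, not the paper's algorithm
    for part in (salt, password, bytes([cost, r])):
        s.absorb(part, stop=True)  # separator keeps salt/password unambiguous
    for _ in range(cost):
        s.shuffle()
    return s.squeeze(r)
```

The separator after each input is what stops the pairs (salt `a`, password `bc`) and (salt `ab`, password `c`) from producing the same digest.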
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (http://creativecommons.org/licenses/by-nc/2.5/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.