
Selecting a New Key Derivation Function for Disk Encryption

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9331)

Abstract

Many full disk encryption applications rely on a strong password-based key derivation function to process a passphrase. This article defines requirements for key derivation functions and analyzes recently presented password hashing functions (second round finalists of the Password Hashing Competition) for their suitability for disk encryption.

References

  1. Password hashing competition (2014). https://password-hashing.net/

  2. Aumasson, J.-P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: BLAKE2: simpler, smaller, fast as MD5. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 119–135. Springer, Heidelberg (2013)

  3. Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: Sponge functions. Ecrypt Hash Workshop 2007, May 2007

  4. Biryukov, A., Khovratovich, D.: Argon and argon2, January 2015. https://password-hashing.net/submissions/specs/Argon-v2.pdf

  5. Biryukov, A., Khovratovich, D.: Tradeoff cryptanalysis of memory-hard functions. Cryptology ePrint Archive, Report 2015/227 (2015). http://eprint.iacr.org/

  6. Broz, M.: Password Hashing Competition second round candidates - tests report. Technical Report, April 2015. https://github.com/mbroz/PHCtest/raw/master/output/phc_round2.pdf

  7. Cox, B.: Added multi-threading support to test suite. PHC mailing list archive, April 2015. http://article.gmane.org/gmane.comp.security.phc/2915

  8. Dürmuth, M., Güneysu, T., Kasper, M., Paar, C., Yalcin, T., Zimmermann, R.: Evaluation of standardized password-based key derivation against parallel processing platforms. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 716–733. Springer, Heidelberg (2012)

  9. Forler, C., List, E., Lucks, S., Wenzel, J.: Overview of the candidates for the password hashing competition - and their resistance against garbage-collector attacks. Cryptology ePrint Archive, Report 2014/881 (2014). http://eprint.iacr.org/

  10. Forler, C., Lucks, S., Wenzel, J.: The Catena Password-Scrambling Framework, January 2015. https://password-hashing.net/submissions/specs/Catena-v3.pdf

  11. Fruhwirth, C.: New methods in hard disk encryption. Ph.D. thesis, Institute for Computer Languages Theory and Logic Group Vienna University of Technology (2005). http://clemens.endorphin.org/publications

  12. Gosney, J.M.: The pufferfish password hashing scheme, March 2014. https://password-hashing.net/submissions/specs/Pufferfish-v0.pdf

  13. Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: Password hashing competition - survey and benchmark. Cryptology ePrint Archive, Report 2015/265 (2015). http://eprint.iacr.org/

  14. Kaliski, B.: PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898 (Informational), September 2000. http://www.ietf.org/rfc/rfc2898.txt

  15. Percival, C.: Stronger key derivation via sequential memory-hard functions, May 2009. http://www.tarsnap.com/scrypt/scrypt.pdf

  16. Peslyak, A.: yescrypt - a password hashing competition submission, January 2015. https://password-hashing.net/submissions/specs/yescrypt-v1.pdf

  17. Pornin, T.: The MAKWA Password Hashing Function, March 2014. https://password-hashing.net/submissions/specs/Makwa-v0.pdf

  18. Simplicio, M.A., Almeida, L.C., Andrade, E.R., Barreto, P.S.L.M.: The Lyra2 reference guide, January 2015. https://password-hashing.net/submissions/specs/Lyra2-v3.pdf

  19. Thomas, S.: battcrypt (Blowfish All The Things), March 2014. https://password-hashing.net/submissions/specs/battcrypt-v0.pdf

  20. Thomas, S.: Parallel, January 2015. https://password-hashing.net/submissions/specs/Parallel-v1.pdf

  21. Turan, M.S., Barker, E.B., Burr, W.E., Chen, L.: SP 800-132. Recommendation for Password-Based Key Derivation: Part 1: Storage Applications. Technical Report, National Institute of Standards and Technology, Gaithersburg, MD, United States (2010)

  22. Wu, H.: POMELO: A Password Hashing Algorithm, January 2015. https://password-hashing.net/submissions/specs/POMELO-v2.pdf

Author information

Corresponding author

Correspondence to Milan Brož.

A Appendix

A.1 PHC Candidate Implementation and Benchmarking Tests

These tests were run for all submitted candidates of the second round of the Password Hashing Competition [1], including new and fixed versions (tweaks of submitted candidates in the first round).

All tests were run on a Lenovo X230 notebook with an i5 CPU and 16 GB of memory. This machine represents a typical end-user machine (with additional memory). The Intel processor provides both AES-NI and SSE instructions, so the optimized variants could be tested as well.

Variable cost tests use a special utility that measures differences in the memory allocation using the getrusage() system call.

Run-time measurement used clock_gettime(CLOCK_MONOTONIC) on the Linux platform.

Each test ran in its own forked process, started separately for that test. Tests were repeated 5 times, and the arithmetic mean (for the time) or maximum (for the memory) of the measurements was used.

The tests are not performance tests of the candidates; their major purpose is to verify the claimed memory and time configuration and to detect bugs and incompatibilities in the reference implementations.
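The measurement procedure described above, as an added sketch that is not the paper's own test utility: each run happens in a freshly forked child, timed with clock_gettime(CLOCK_MONOTONIC) and sized by the growth of ru_maxrss from getrusage(). The function names are hypothetical, and scrypt from Python's hashlib stands in for a PHC candidate (an assumption).

```python
import hashlib
import json
import os
import resource
import statistics
import time


def candidate(password: bytes, salt: bytes) -> bytes:
    # Stand-in workload (assumption): scrypt, N=2**14 and r=8, about 16 MiB.
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


def measure_once(func, *args):
    """Run func in a fresh forked child; return (seconds, max-RSS growth)."""
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: measure, report through the pipe, never return
        status = 1
        try:
            rss0 = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
            t0 = time.clock_gettime(time.CLOCK_MONOTONIC)
            func(*args)
            t1 = time.clock_gettime(time.CLOCK_MONOTONIC)
            rss1 = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
            os.write(write_fd, json.dumps([t1 - t0, rss1 - rss0]).encode())
            status = 0
        finally:
            os._exit(status)  # skip the parent's cleanup handlers
    os.close(write_fd)
    with os.fdopen(read_fd, "rb") as pipe:
        payload = pipe.read()
    _, wait_status = os.waitpid(pid, 0)
    if wait_status != 0 or not payload:
        raise RuntimeError("measurement child failed")
    return tuple(json.loads(payload))


def summarize(samples):
    """Arithmetic mean of the times, maximum of the memory figures."""
    return (statistics.fmean(t for t, _ in samples), max(m for _, m in samples))


def benchmark(func, *args, runs=5):  # five repetitions, as in the paper
    return summarize([measure_once(func, *args) for _ in range(runs)])


if __name__ == "__main__":
    print(benchmark(candidate, b"passphrase", b"0123456789abcdef"))
```

ru_maxrss is reported in KiB on Linux; the forked child starts from the parent's resident set, so only the growth during the call is attributed to the function under test.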

A.2 PHC Test Report

More measurement outputs were presented in the separate test report [6], including:

  • Test vector generator and checker, intended to verify that functions behave the same on various platforms. As a part of this test we tried to compile the source code on a different endian platform. These tests uncovered that many of the reference implementations are written only for little-endian environments.

  • Tests that try to detect limits (boundary checking) in functions (detection of crashes with wrong parameters, parameter overflows, etc.).

  • Tests based on algorithm analysis where parameters are calculated for an exact number of rounds (calls of the underlying cryptographic primitive) and several presets of used memory.

  • Output randomness tests: the output should pass all basic randomness tests provided by the Dieharder testsuite. The test generates 32-byte hashes of a consecutive little-endian integer (4 bytes) with a fixed 16-byte salt. The output is written to a file that is passed to the Dieharder testsuite.

  • The complete source code of tested candidate functions and test scripts.
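The input stream for the output randomness test described in the list above, as an added sketch that is not the report's own generator. PBKDF2-HMAC-SHA256 stands in for the candidate under test, and the salt value, function names and the bit-balance pre-check are assumptions of this example.

```python
import hashlib
import struct

SALT = bytes(range(16))  # fixed 16-byte salt (constructed value)
HASH_LEN = 32


def kdf(password: bytes, salt: bytes) -> bytes:
    # Stand-in for the candidate under test (assumption): PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1, dklen=HASH_LEN)


def write_stream(path: str, count: int) -> int:
    """Write the hashes of counters 0..count-1 as one raw binary stream."""
    written = 0
    with open(path, "wb") as out:
        for counter in range(count):
            # "<I" pins the password to 4 little-endian bytes on every host,
            # so big- and little-endian machines hash identical input.
            password = struct.pack("<I", counter)
            written += out.write(kdf(password, SALT))
    return written


def ones_fraction(path: str) -> float:
    """Cheap pre-check before a long test-suite run: share of 1 bits."""
    with open(path, "rb") as stream:
        data = stream.read()
    return sum(bin(byte).count("1") for byte in data) / (8 * len(data))


if __name__ == "__main__":
    size = write_stream("kdf_stream.bin", 4096)
    print(size, "bytes, ones fraction", ones_fraction("kdf_stream.bin"))
```

A fraction far from 0.5 points to a generator or encoding bug and saves a full run of the randomness suite.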

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Brož, M., Matyáš, V. (2015). Selecting a New Key Derivation Function for Disk Encryption. In: Foresti, S. (eds) Security and Trust Management. STM 2015. Lecture Notes in Computer Science(), vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_12

  • DOI: https://doi.org/10.1007/978-3-319-24858-5_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer Science, Computer Science (R0)
