Abstract
Password-based key derivation functions are of particular interest in cryptography because they (a) take as input a password/passphrase (which is usually short and lacks sufficient entropy) and derive a cryptographic key from it; and (b) slow down brute force and dictionary attacks as much as possible. In PKCS#5 [17], RSA Laboratories described a password-based key derivation function called PBKDF2 that has been widely adopted in many security-related applications [6, 7, 11]. In order to slow down brute force attacks, PBKDF2 introduces CPU-intensive operations based on an iterated pseudorandom function. Such a pseudorandom function is HMAC-SHA-1 by default. In this paper we show that, if HMAC-SHA-1 is computed in a standard mode without following the performance improvements described in the implementation note of RFC 2104 [13] and FIPS 198-1 [14], an attacker is able to avoid 50 % of PBKDF2's CPU-intensive operations by replacing them with precomputed values. We note that a number of well-known and widely-used crypto libraries are subject to this vulnerability. In addition to this vulnerability, we describe some other minor optimizations that an attacker can exploit to further reduce the key derivation time.
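As an added illustration (my own code, not the paper's), the following Python model of PBKDF2-HMAC-SHA-1 counts SHA-1 compression-function calls in both modes the abstract contrasts: the "standard mode" that re-absorbs the padded password on every HMAC call, and the RFC 2104 / FIPS 198-1 implementation-note mode that computes the two keyed states once and copies them. It reproduces the 50 % figure (4 versus 2 compressions per iteration) and shows why a library that follows the note keeps the defender's cost equal to an attacker's, so that the iteration count buys the intended work factor. Class and function names are my own; the counting wrapper assumes SHA-1's 64-byte block and 9-byte minimum padding.

```python
import hashlib

BLOCK, DIGEST = 64, 20  # SHA-1 block size and digest size in bytes

class CountingSHA1:
    """hashlib.sha1 wrapper that counts SHA-1 compression-function calls:
    one per full 64-byte block absorbed, plus the padded final block(s)."""
    calls = 0
    def __init__(self, h=None, n=0):
        self._h, self._n = (h or hashlib.sha1()), n
    def update(self, data):
        CountingSHA1.calls += (self._n + len(data)) // BLOCK - self._n // BLOCK
        self._h.update(data)
        self._n += len(data)
        return self
    def copy(self):
        return CountingSHA1(self._h.copy(), self._n)
    def digest(self):
        CountingSHA1.calls += 1 if self._n % BLOCK + 9 <= BLOCK else 2
        return self._h.digest()

def keyed_states(password):
    """RFC 2104 implementation note: absorb the ipad/opad-padded key once."""
    k = (hashlib.sha1(password).digest() if len(password) > BLOCK else password).ljust(BLOCK, b"\0")
    return (CountingSHA1().update(bytes(b ^ 0x36 for b in k)),
            CountingSHA1().update(bytes(b ^ 0x5C for b in k)))

def hmac_from_states(inner, outer, msg):
    """HMAC-SHA-1 from copies of the keyed states: 2 compressions for a short msg."""
    return outer.copy().update(inner.copy().update(msg).digest()).digest()

def pbkdf2_sha1(password, salt, iterations, dklen, precompute=True):
    """PKCS#5 PBKDF2 with HMAC-SHA-1. precompute=False is the 'standard mode': the
    padded key is re-absorbed on every HMAC call (4 compressions per iteration, not 2)."""
    states = keyed_states(password) if precompute else None
    prf = lambda msg: hmac_from_states(*(states or keyed_states(password)), msg)
    out = b""
    for i in range(1, -(-dklen // DIGEST) + 1):  # T_i for i = 1 .. ceil(dklen/20)
        u = prf(salt + i.to_bytes(4, "big"))       # U_1 = PRF(P, S || INT(i))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):            # U_j = PRF(P, U_{j-1}); T_i ^= U_j
            u = prf(u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(DIGEST, "big")
    return out[:dklen]

def compression_calls(password, salt, iterations, dklen, precompute):
    CountingSHA1.calls = 0  # SHA-1 compressions one derivation costs in this mode
    pbkdf2_sha1(password, salt, iterations, dklen, precompute)
    return CountingSHA1.calls
```

Both modes derive the same key (checked against the RFC 6070 test vector for "password"/"salt"/4096 iterations); only the compression count differs, roughly 4c against 2c + 2 for c iterations.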
Notes
1. At the time of writing this represents 58 % of the Android devices market share (see developer.android.com).
2. Readers should note that the weakness is independent of the hash function used and remains valid with any other.
References
[1] ARM mbed TLS, Version 1.3.11. https://tls.mbed.org/
[2] EncFS Encrypted Filesystem. https://sites.google.com/a/arg0.net/www/encfs
[3] GNU GRUB Manual, Version 2.00. http://www.gnu.org/software/grub/manual/grub.html
[4] Libgcrypt, Version 1.6.3. https://www.gnu.org/software/libgcrypt/
[5] RAR Archive Format, Version 5.0. http://www.rarlab.com/technote.htm
[6] Apple Inc.: Best Practices for Deploying FileVault 2. Technical report (2012). http://training.apple.com/pdf/WP_FileVault2.pdf
[7] Bossi, S., Visconti, A.: What users should know about full disk encryption based on LUKS. In: Proceedings of the 14th International Conference on Cryptology and Network Security (2015)
[8] Choudary, O., Grobert, F., Metz, J.: Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption. Cryptology ePrint Archive, Report 2012/374 (2012). https://eprint.iacr.org/2012/374.pdf
[9] Fruhwirth, C.: New methods in hard disk encryption (2005). http://clemens.endorphin.org/nmihde/nmihde-A4-ds.pdf
[10] Fruhwirth, C.: LUKS On-Disk Format Specification, Version 1.2.1 (2011). http://wiki.cryptsetup.googlecode.com/git/LUKS-standard/on-disk-format.pdf
[11] IEEE 802.11 WG: Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Std 802.11i-2004 (2004)
[12] Krawczyk, H.: Cryptographic Extraction and Key Derivation: The HKDF Scheme. Cryptology ePrint Archive, Report 2010/264 (2010)
[13] Krawczyk, H., Bellare, M., Canetti, R.: RFC 2104: HMAC: Keyed-Hashing for Message Authentication (1997)
[14] NIST: FIPS PUB 198: The Keyed-Hash Message Authentication Code (HMAC) (2002)
[15] NIST: SP 800-132: Recommendation for Password-Based Key Derivation (2010)
[16] NIST: SP 800-63-2, Version 2: Electronic Authentication Guideline (2013)
[17] RSA Laboratories: PKCS #5 v2.1: Password-Based Cryptography Standard (2012)
[18] Shannon, C.E.: Prediction and entropy of printed English. Bell Syst. Tech. J. 30(1), 50–64 (1951)
[19] Steube, J.: Optimizing computation of Hash-Algorithms as an attacker (2013). http://hashcat.net/events/p13/js-ocohaaaa.pdf
Copyright information
© 2015 Springer International Publishing Switzerland
Cite this paper
Visconti, A., Bossi, S., Ragab, H., Calò, A. (2015). On the Weaknesses of PBKDF2. In: Reiter, M., Naccache, D. (eds) Cryptology and Network Security. CANS 2015. Lecture Notes in Computer Science, vol 9476. Springer, Cham. https://doi.org/10.1007/978-3-319-26823-1_9
DOI: https://doi.org/10.1007/978-3-319-26823-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26822-4
Online ISBN: 978-3-319-26823-1