[tahoe-dev] What is the 100 year crypto KDF?

Jack Lloyd lloyd at randombit.net
Mon Jun 7 07:12:39 PDT 2010


For the 100 Year Crypto project, we need to define a KDF that can be
used to generate some cryptovariables:

 - AES key (of currently unspecified length; 128, 192, or 256 bits)
 - AES CTR IV (128 bits)
 - XSalsa20 key (256 bits)
 - XSalsa20 IV (192 bits)

Assuming AES-256, that's 832 bits or 104 bytes of cryptomaterial.

Zooko had suggested using XSalsa20 as a KDF. On the one hand it seems
reasonable, but the fixed input sizes of XSalsa20 make this somewhat
odd; we must provide exactly a 256 bit key and a 192 bit IV.

So, the question is, how are these generated?

One obvious approach for the key is to use SHA-256d(tag || key_material)
as the XSalsa20 key; SHA-256d produces the right size for XSalsa20 but
allows arbitrary length inputs to the KDF.

Part of this is my limitations on knowledge of the current Tahoe
crypto. How are AES keys/IVs currently generated?

-Jack
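
The construction discussed in the message above, as an added example that is not part of the original post or of Tahoe's code: the XSalsa20 key is SHA-256d(tag || key_material) and 104 bytes of keystream are split into the four cryptovariables. The all-zero 192-bit IV, the function names and the output ordering are assumptions made here; the post leaves the IV question open.

```python
import hashlib, struct

MASK = 0xffffffff
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # Salsa20 constants

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK

def _qr(x, a, b, c, d):  # Salsa20 quarter-round, in place
    x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)
    x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
    x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
    x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)

def _rounds(key, mid16):
    """Lay out the Salsa20 state, run 20 rounds; return (initial, final)."""
    k = struct.unpack("<8I", key)
    m = struct.unpack("<4I", mid16)
    init = [SIGMA[0], *k[:4], SIGMA[1], *m, SIGMA[2], *k[4:], SIGMA[3]]
    x = list(init)
    for _ in range(10):  # 10 double rounds: column round, then row round
        for a, b, c, d in ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),
                           (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)):
            _qr(x, a, b, c, d)
    return init, x

def xsalsa20_stream(key, nonce24, length):
    _, h = _rounds(key, nonce24[:16])  # HSalsa20 step: no feed-forward add
    subkey = struct.pack("<8I", *(h[i] for i in (0, 5, 10, 15, 6, 7, 8, 9)))
    out = b""
    for ctr in range((length + 63) // 64):  # one 64-byte Salsa20 block per counter
        init, x = _rounds(subkey, nonce24[16:] + struct.pack("<Q", ctr))
        out += struct.pack("<16I", *((a + b) & MASK for a, b in zip(init, x)))
    return out[:length]

def derive(tag, key_material, aes_key_bytes=32):
    key = sha256d(tag + key_material)  # arbitrary-length input -> 256-bit key
    nonce = bytes(24)  # ASSUMPTION: fixed all-zero IV; not specified in the post
    sizes = (("aes_key", aes_key_bytes), ("aes_ctr_iv", 16),
             ("xsalsa20_key", 32), ("xsalsa20_iv", 24))  # ordering is assumed
    stream = xsalsa20_stream(key, nonce, sum(n for _, n in sizes))
    out, off = {}, 0
    for name, n in sizes:
        out[name] = stream[off:off + n]
        off += n
    return out
```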

