[tahoe-dev] {Spam?} What is the 100 year crypto KDF?

Samuel Neves sneves at dei.uc.pt
Thu Jun 10 09:34:12 PDT 2010


Why not use Comb4P with some normal KDF, such as PBKDF2? Comb4P is
already being planned for hashing, anyway.

Best regards,
Samuel Neves

On 07-06-2010 15:12, Jack Lloyd wrote:
> For the 100 Year Crypto project, we need to define a KDF that can be
> used to generate some cryptovariables:
>
>  - AES key (of currently unspecified length; 128, 192, or 256 bits)
>  - AES CTR IV (128 bits)
>  - XSalsa20 key (256 bits)
>  - XSalsa20 IV (192 bits)
>
> Assuming AES-256, that's 832 bits or 104 bytes of cryptomaterial.
>
> Zooko had suggested using XSalsa20 as a KDF. One the one hand it seems
> reasonable, but the fixed input sizes of XSalsa20 make this somewhat
> odd; we must provide exactly a 256 bit key and a 192 bit IV.
>
> So, the question is, how are these generated?
>
> One obvious approach for the key is to use SHA-256d(tag || key_material)
> as the XSalsa20 key; SHA-256d produces the right size for XSalsa20 but
> allows arbitrary length inputs to the KDF.
>
> Part of this is my limitations on knowledge of the current Tahoe
> crypto. How are AES keys/IVs currently generated?
>
> -Jack
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at allmydata.org
> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
>
>   



More information about the tahoe-dev mailing list