Cryptology ePrint Archive: Report 2019/161

Understanding Optimizations and Measuring Performances of PBKDF2

Andrea Francesco Iuorio and Andrea Visconti

Abstract: Password-based Key Derivation Functions (KDFs) are used to generate secure keys of arbitrary length implemented in many security-related systems. The strength of these KDFs is the ability to provide countermeasures against brute-force/dictionary attacks. One of the most implemented KDF is PBKDF2. In order to slow attackers down, PBKDF2 uses a salt and introduces computational intensive operations based on an iterated pseudo-random function. Since passwords are widely used to protect personal data and to authenticate users to access specific resources, if an application uses a small iteration count value, the strength of PBKDF2 against attacks performed on low-cost commodity hardware may be reduced. In this paper we introduce the cryptographic algorithms involved in the key derivation process, describing the optimization techniques used to speed up PBKDF2-HMAC-SHA1 in a GPU/CPU context. Finally, a testing activities has been executed on consumer-grade hardware and experimental results are reported.

Category / Keywords: implementation / passwords , PBKDF2 , HMAC-SHA1 , optimizations , CPU-intensive operations , performance testing

Original Publication (with minor differences): Proceedings of the 2nd International Conference on Wireless, Intelligent and Distributed Environment for COMmunication (WIDECOM 2019), Springer International Publishing, Lecture Notes on Data Engineering and Communications Technologies, Vol. 27, 2019.

Date: received 14 Feb 2019

Contact author: andrea visconti at unimi it

Available format(s): PDF | BibTeX Citation

Version: 20190220:174042 (All versions of this report)

Short URL: ia.cr/2019/161


[ Cryptology ePrint archive ]