Paper 2024/935
MFKDF: Multiple Factors Knocked Down Flat
Abstract
Nair and Song (USENIX 2023) introduce the concept of a Multi-Factor Key Derivation Function (MFKDF), along with constructions and a security analysis. MFKDF integrates dynamic authentication factors, such as HOTP and hardware tokens, into password-based key derivation. The aim is to improve the security of password-derived keys, which can then be used for encryption or as an alternative to multi-factor authentication. The authors claim an exponential security improvement compared to traditional password-based key derivation functions (PBKDF). We show that the MFKDF constructions proposed by Nair and Song fall short of the stated security goals. Underspecified cryptographic primitives and the lack of integrity of the MFKDF state lead to several attacks, ranging from full key recovery when an HOTP factor is compromised, to bypassing factors entirely or severely reducing their entropy. We reflect on the different threat models of key derivation and authentication, and conclude that MFKDF is always weaker than the existing approach in each setting: plain PBKDF for key derivation, and multi-factor authentication for authentication.
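To make concrete what the abstract means by a "factor", the "MFKDF state" and a "compromised HOTP factor", here is an added toy illustration. It is not code from the paper or from Nair and Song's MFKDF library, and it does not reproduce the paper's attacks. The HOTP computation follows RFC 4226 exactly; everything else (the fixed random `target`, the public `pad` that turns a changing code back into static key material, the `derive_key` combination step, and all function names) is an assumed design chosen for illustration. It shows two structural facts about any scheme that folds a 6-digit HOTP code into a KDF through public state: whoever holds the HOTP secret and the state recomputes the factor material directly, and the factor can contribute at most log2(10^6), under 20 bits, against a guessing attacker.

```python
"""Toy HOTP factor folded into PBKDF2 (illustration only; not the MFKDF library)."""
import hashlib
import hmac
import math
import secrets
import struct

HOTP_DIGITS = 6
FACTOR_SPACE = 10 ** HOTP_DIGITS          # 6-digit codes: 10^6 possible values
PBKDF2_ITERATIONS = 10_000                # kept low so the demo runs quickly


def hotp(secret: bytes, counter: int, digits: int = HOTP_DIGITS) -> int:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return truncated % (10 ** digits)


def setup_hotp_factor(hotp_secret: bytes, counter: int) -> tuple[int, dict]:
    """Assumed toy design: the factor's key material is a fixed random 'target' in
    [0, 10^6). Because the HOTP code changes, the public state stores
    pad = target - code (mod 10^6) so a fresh code can be turned back into the
    same target. Returns (target, public_state)."""
    target = secrets.randbelow(FACTOR_SPACE)
    pad = (target - hotp(hotp_secret, counter)) % FACTOR_SPACE
    return target, {"counter": counter, "pad": pad}


def factor_material(code: int, state: dict) -> int:
    """What the legitimate user computes from the code shown on their token."""
    return (code + state["pad"]) % FACTOR_SPACE


def derive_key(password: bytes, factor: int, salt: bytes) -> bytes:
    """Toy combination step: password || factor material fed to PBKDF2-HMAC-SHA256."""
    material = password + struct.pack(">I", factor)
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS, dklen=32)


def factor_from_compromised_hotp_secret(hotp_secret: bytes, state: dict) -> int:
    """An attacker holding the HOTP secret plus the public (unauthenticated) state
    recomputes the code for the stored counter and hence the factor material; the
    HOTP factor then adds nothing beyond the password against this attacker."""
    return factor_material(hotp(hotp_secret, state["counter"]), state)


def factor_entropy_bits() -> float:
    """Upper bound on what a 6-digit code can contribute: log2(10^6), under 20 bits."""
    return math.log2(FACTOR_SPACE)


if __name__ == "__main__":
    hotp_secret = b"12345678901234567890"      # RFC 4226 Appendix D test secret
    password, salt = b"correct horse", b"constructed-salt"   # constructed sample input
    target, state = setup_hotp_factor(hotp_secret, counter=0)

    # Legitimate user: reads 755224 off the token and recovers the fixed target.
    user_key = derive_key(password, factor_material(hotp(hotp_secret, 0), state), salt)
    # Attacker who stole the HOTP secret and knows the password: same key, no search.
    stolen = factor_from_compromised_hotp_secret(hotp_secret, state)
    attacker_key = derive_key(password, stolen, salt)
    print(user_key == attacker_key, f"factor adds at most {factor_entropy_bits():.1f} bits")
```

The toy deliberately leaves the state unauthenticated, as the abstract says Nair and Song's construction does; what an attacker can do with that malleability in the real scheme is the subject of the paper and is not modelled here.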
Metadata
- Category: Attacks and cryptanalysis
- Publication info: Published elsewhere. Minor revision. USENIX Security 2024
- Keywords: cryptanalysis, key derivation, multi-factor authentication, PBKDF
- Contact author(s): matteo scarlata @ inf ethz ch; mbackendal @ inf ethz ch; mhaller @ ucsd edu
- History: 2024-06-11: received; 2024-07-26: revised
- Short URL: https://ia.cr/2024/935
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/935,
  author       = {Matteo Scarlata and Matilda Backendal and Miro Haller},
  title        = {{MFKDF}: Multiple Factors Knocked Down Flat},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/935},
  year         = {2024},
  url          = {https://eprint.iacr.org/2024/935}
}