Talk:PBKDF2: Difference between revisions

Cryptography: Computer science Unassessed

This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles ??? This article has not yet received a rating on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the importance scale. This article is supported by WikiProject Computer science.

Some naming needs to be sorted out for this article. Should there be a general Password Key Derivation Function page and discuss PBKDF1 and 2 there? Or should PBKDF be a page, and discuss 1 and 2 there? or should 1 and 2 be seperated into their own pages? Thoughts? --ORBIT 18:46, 28 Mar 2005 (UTC)

Thoughts: there is already a general page, I believe: Key derivation function. I think the PBKDF stuff can be treated separately, but my hunch is that it's best to cover both PBKDF 1 & 2 in the same article, in which case we might consider renaming this article PBKDF2 -> PBKDF. — Matt Crypto 19:56, 28 Mar 2005 (UTC)

However PBKDF2 pretty much obsoleted PBKDF1, so I suppose it v1 merits a historical footnote in PBKDF2 and not its own article. jett 18:56, 27 April 2007 (UTC)[reply]

I agree with Matt Crypto. PBKDF2 has undesirable properties (see last paragraph of Key derivation function) which should be addressed by future releases of the standard (PBKDF3, perhaps?). Covering all of them in the same article will show the progression, and point out the latest version to the reader. Rein Radin (talk) 03:34, 9 August 2009 (UTC)[reply]

The given explanation of the derivation procedure is more accurate for the earlier PBKDF1. An explanation of the differences between versions 1 and 2 could be used to expand the article and drop the "stub" tag.Giordano87 (talk) 01:06, 7 October 2010 (UTC)[reply]

Some not very wide used programms were added into Software section. But I think, the wikipedia is not a WP:DIRECTORY of programms, which uses PBKDF2, because PBKDF2 is easy to implement and it is an open standard. So, I deleted a lot of software in this list. `a5b (talk) 23:32, 26 May 2011 (UTC)[reply]

WPA2 formula mentioned is contradicting with what CWSP book by Sybex is saying. In the book, the formula is: PSK = PBKDF2(passphrase,ssid,ssidlength,40926,256). book: CWSP Certified Wireless Security Professional Official study guide. By David Coleman and others. ISBN: 978-0-470-43891-6 Page 206 Amjad Abdullah (talk) 10:22, 22 April 2012 (UTC)[reply]

As far as I know, no independent cryptographic analysis has been performed on the scrypt proposal. Until such is available, I think it's a bad idea for WP to claim that it is "stronger". — Preceding unsigned comment added by 71.195.220.229 (talk) 06:33, 8 July 2012 (UTC)[reply]

I read this article and was very confused by how complicated math terminology is being used to obscure something so simple:

DK = PBKDF2(PRF, P,S,c,dkLen)

Seriously? DK, PDF, P, S, c, dkLen? Is Wikipedia running out of letters? There's a whole section explaining what these variables mean and most of it's unnecessary if you give them names that make sense:

Derived Key = PBKDF2(Pseudorandom Function, Password, Salt, Iterations, Output Length)

Unfortunately, the section below relies on this too so most of the article would need to be rewritten. I've made a note to do this, but I figured I'd mention it here in case other people can think of a simpler solution.--Korin43 (talk) 21:14, 21 September 2012 (UTC)[reply]