SHA1DKx is a family of closely-related security primitives for producing derived keys from passwords or other shared keys. The primary application for SHA1DKx is derivation of authentication codes for confirmation of a password entry.
The SHA1DKx are also suitable for creation of authz160 tear-off authentication stubs that are not dependent on the password and cannot be attacked to discover the password. In this case, the portion of the authentication "ticket" that does depend on the password is not revealed.
The SHA1DKx procedures employ a salted, iterated digest along with an optional context-specific (and possibly-secret) inclusion that prevents the same password and salt from having the same derived key/authentication-code value in different contexts. If SHA1DKx-derived authentication codes are not protected as secrets, the confidentiality of the password is not ensured.
SHA1DKx is essentially a profile of PBKDF2-SHA1 key derivation and can be used for derivation of cryptographic keys from passwords as well. SHA1DKx rely on existing, well-known cryptographic primitives that are generally already available to applications where SHA1DKx is useful.
- Hamilton, Dennis E.
- SHA1DKx Concept. nfoWorks nfoNote folio n120802 0.00, September 5, 2012. Accessed at <http://nfoWorks.org/notes/2012/08/n120802.htm>.
created 2012-08-29-15:17 -0700 (pdt) by