16th USENIX Security Symposium – Abstract
Pp. 119–134 of the Proceedings
Halting Password Puzzles: Hard-to-break Encryption from Human-memorable Keys
Xavier Boyen, Voltage Security, Inc.
We revisit the venerable question of “pure password”-based key derivation and encryption, and expose security weaknesses in current implementations that stem from structural flaws in Key Derivation Functions (KDF). We advocate a fresh redesign, named Halting KDF (HKDF), which we thoroughly motivate on these grounds:
- By letting password owners choose the hash iteration count, we gain operational flexibility and eliminate the rapid obsolescence faced by many existing schemes.
- By throwing a Halting-Problem wrench in the works of guessing that iteration count, we widen the security gap with any attacker to its theoretical optimum.
- By parallelizing the key derivation, we let legitimate users exploit all the computational power they can muster, which in turn further raises the bar for attackers.

HKDFs are practical and universal: they work with any password, any hardware, and a minor change to the user interface. As a demonstration, we offer real-world implementations for the TrueCrypt and GnuPG packages, and discuss their security benefits in concrete terms.
The Proceedings are published as a collective work, © 2007 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.