Can I use PBKDF2 to generate the AES256 key for encryption and implicit authentication?

I have two devices, and I want to configure a secure communication channel between them. The only common secret is a passphrase (7 to 20 ASCII characters). If I use PBKDF2 (from RFC 2898) with a common salt, iteration count and passphrase to generate the AES256-CBC key and IV on both sides, I think I can authenticate the user and provide an encrypted channel in one step. Is this true, or are there reasons why I have seen people use PBKDF2 to verify passwords?

My reasoning is that both parties must know the passphrase to generate the same key and IV. Therefore, if device B can decrypt data from device A, they both have demonstrated that they have the same passphrase.

+5
4 answers

PBKDF2 is a great way to generate a shared key from a shared secret (you should not generate an IV this way, though - an IV should be random and sent along with the ciphertext).

CBC.

(GCM) CBC.

Encrypt-Then-MAC. PBKDF2 CBC, HMAC.

non-use-nonces.

+4
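The advice in the answer above, put together as an added example (my code, not the answerer's): PBKDF2 turns the shared passphrase into two separate keys, every message gets a fresh random IV that travels in the clear, and an HMAC tag over IV||ciphertext is what actually tells the receiver that the sender knew the passphrase. Because the standard library has no AES, the cipher is an HMAC-SHA256 counter-mode keystream standing in for AES-256-CBC; the iteration count and salt size are assumptions.

```python
"""Passphrase-derived channel keys with Encrypt-then-MAC (stdlib only)."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed cost; tune to the devices' CPU budget
IV_LEN, TAG_LEN = 16, 32

def derive_keys(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 -> 64 bytes, split into an encryption key and a
    separate MAC key. The salt need not be secret, only shared."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, 64)
    return okm[:32], okm[32:]

def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode over (iv, counter).
    Swap in AES-256-CBC from a crypto library for real use; the envelope
    built on top of it does not change."""
    out = bytearray()
    for i, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Fresh random IV per message, sent in the clear; tag covers IV||ct."""
    iv = os.urandom(IV_LEN)
    ct = _keystream_xor(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag

def open_msg(enc_key: bytes, mac_key: bytes, msg: bytes) -> Optional[bytes]:
    """Verify the tag first (constant-time compare), decrypt only afterwards.
    Any failure returns None: without the MAC, a wrong key or a tampered
    message would just decrypt to garbage instead of being rejected."""
    if len(msg) < IV_LEN + TAG_LEN:
        return None
    iv, ct, tag = msg[:IV_LEN], msg[IV_LEN:-TAG_LEN], msg[-TAG_LEN:]
    expect = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None
    return _keystream_xor(enc_key, iv, ct)

if __name__ == "__main__":
    salt = os.urandom(16)                       # shared once at pairing time
    ek, mk = derive_keys("correct-passphrase", salt)
    wrong_ek, wrong_mk = derive_keys("wrong-passphrase", salt)
    packet = seal(ek, mk, b"device A says hello")
    print(open_msg(ek, mk, packet))             # b'device A says hello'
    print(open_msg(wrong_ek, wrong_mk, packet))  # None: passphrase mismatch
```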


MAC.

PBKDF2 IV. IV.

+2

PBKDF2.

PBKDF2.

PBKDF2.


+1


-1
