Top

Published in:

2017 | OriginalPaper | Chapter

Using Spritz as a Password-Based Key Derivation Function

Authors : Rafael Álvarez, Antonio Zamora

Published in: International Joint Conference SOCO’16-CISIS’16-ICEUTE’16

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Even if combined with other techniques, passwords are still the main way of authentication in many services and systems. Attackers can usually test many passwords very quickly when using standard hash functions, so specific password hashing algorithms have been designed to slow down brute force attacks.

Spritz is a sponge-based stream cipher intended to be a drop-in replacement for RC4. It is more secure, more complex and more versatile than RC4. Since it is based on a sponge function, it can be employed for other applications like password hashing.

In this paper we build upon Spritz to construct a password hashing algorithm and study its performance and suitability.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Intrusion Detection with Neural Networks Based on Knowledge Extraction by Decision Tree

next chapter A Multiresolution Approach for Blind Watermarking of 3D Meshes Using Spiral Scanning Method

Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponge functions (2011). http://sponge.noekeon.org/

Biryukov, A., Dinu, D., Khovratovich, D.: Argon2: the memory-hard function for password hashing and other applications. In: Password Hashing Competition Winner (2016). https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf

Fluhrer, S., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001). doi:10.1007/3-540-45537-X_1CrossRefMATH

Forler, C., Lucks, S., Wenzel, J.: The Catena Password-Scrambling Framework. Version 3.2, Bauhaus-Universitt Weimar (2015). https://www.uni-weimar.de/fileadmin/user/fak/medien/professuren/Mediensicherheit/Research/Publications/catena-v3.2.pdf

Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)MathSciNetCrossRefMATH

Kaliski, B.: PKCS #5: Password-Based Cryptography Specification Version 2.0. Internet Engineering Task Force, Network Working Group, Request for Comments (RFC) 2898 (2000). https://tools.ietf.org/html/rfc2898#section-5.2

Klein, A.: Attacks on the RC4 stream cipher. Des. Codes Crypt. 48(3), 269–286 (2008). SpringerMathSciNetCrossRefMATH

Paul, G., Maitra, S.: RC4 Stream Cipher and Its Variants. CRC Press, Boca Raton (2012)MATH

Percival, C.: Stronger key derivation via sequential memory-hard functions. In: BSDCan - The BSD Conference (2009). http://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf

10.

Pornin, T.: The MAKWA Password Hashing Function. Version 1.1. Password Hashing Competition finalist (2015). http://www.bolet.org/makwa/makwa-spec-20150422.pdf

11.

Provos, N., Mazieres, D.: A Future-adaptable password scheme. In: USENIX Annual Technical Conference, FREENIX track, pp. 81–91 (1999)

12.

Rivest, R.L.: The RC4 Encryption Algorithm. RSA Data Security Inc. (1992)

13.

Rivest, R.L., Schuldt, J.: Spritz - a spongy RC4-like stream cipher and hash function. In: Presented at CRYPTO 2014 Rump Session (2014). http://people.csail.mit.edu/rivest/pubs/RS14.pdf

14.

Sengupta, S., Maitra, S., Paul, G., Sarkar, S.: RC4: (Non-) random words from (non-) random permutations. IACR Cryptology ePrint Archive 2011:448 (2011)

15.

Simplicio, M.A., Almeida, L.C., Andrade, E.R., dos Santos, P.C.F., Barreto, P.S.L.M.: Lyra2: Password hashing scheme with improved security against time-memory trade-offs. IACR Cryptology ePrint Archive 2015:136 (2015)

16.

Solar Designer: yescrypt - password hashing scalable beyond bcrypt and scrypt. Presented at PHDays 2014. Openwall (2014). http://www.openwall.com/presentations/PHDays2014-Yescrypt/PHDays2014-Yescrypt.pdf

17.

Zoltak, B.: Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement. IACR Cryptology ePrint Archive 2014:985 (2014)

Title: Using Spritz as a Password-Based Key Derivation Function
Authors: Rafael Álvarez
Antonio Zamora
Publisher: Springer International Publishing
Book: International Joint Conference SOCO’16-CISIS’16-ICEUTE’16
Print ISBN: 978-3-319-47363-5

Electronic ISBN: 978-3-319-47364-2

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-47364-2_50

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner