Ben Laurie <[EMAIL PROTECTED]> writes:
>OK, so if I've got a passphrase of arbitrary length, and I wish to
>condense it to make a key of length n bits (n > 160), what's the
>approved method(s) of doing that?
PKCS #5 v2 probably contains the best key derivation mechanism, followed
closely by TLS, then SSL, eventually PGP iterated and salted S2K, and then you
sink into this kind of morass of cruft (PKCS #12, X9.42, CMP, other PGP
variants), and beyond that assorted ad-hoc methods (a single pass through
SHA-1, no salt). Everyone seems to find it necessary to reinvent their own key
derivation mechanism, so there's lots to choose from :-).
Peter.
