Score:0

PBKDF2 with pepper

in flag

The main purpose of PBKDF2 is to generate a strong key from a weak password by using an input (the weak password) and a salt (which is stored in plaintext).

Is it useful to use a pepper with PBKDF2 ?
and if it so, what is the best way to do it and why:

  1. do a PRF (e.g. HMAC) on the weak password with the pepper and use the result as the PBKDF2 input ?
  2. do the PBKDF2 first then do a PRF (e.g. HMAC) on the ouput with the pepper ?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.