Join Log in
Score:1
Andy avatar Crypto

Is it reasonable to use DRBG and PBKDF together?

pe flag
Andy

I want to generate a random number using DRBG with below follow: Entropy source -> DRBG -> PBKDF

adding PBKDF is redundant ?

60
0 + 0
Score:3
SAI Peregrinus avatar Crypto
si flag
SAI Peregrinus

A PBKDF is a password-based key derivation function. The output of a DRBG is NOT a password.

A DRBG's output could be used as an input to a key derivation function, if (and only if) that DRBG is cryptographically secure (AKA a CSPRNG). For example RSA requires picking two large prime numbers randomly, and CSPRNGs are used to supply data for RSA KDFs.

It's often useless to use a standard KDF to generate symmetric keys based on the output of a DRBG. If the DRBG isn't a CSPRNG, the output isn't secure. If it is, the KDF is unnecessary, one could just generate more bits! The exception is with "ratcheting" schemes where a KDF is used on a previous key and some other data to derive the next key key. The first key in the sequence might have been generated with the use of a CSPRNG.

0 + 0
Maarten Bodewes avatar
in flag
Maarten Bodewes
I agree mostly, but generating a master secret (using a DRBG) and then deriving additional keys using a KBKDF would be a fine practice.
0
Reply
SAI Peregrinus avatar
si flag
SAI Peregrinus
Agreed. I try to get at this with the last paragraph: it's not generally necessary, but it can be useful, particularly for ratchet schemes.
0
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
I could also see it useful if there are multiple ways that a master secret can be formed, not just generation using a PRNG.
1
Reply
Score:0
avatar Crypto
kr flag
mentallurg

I assume you use a secure DRBG.

If you have little entropy, e.g. 8 bits per request, then the results of DRBG will be easily predictable. Knowing a few values previous numbers can allow to predict further numbers.

Applying PBKDF does not help. And for PBKDF (if you mean PBKDF2, Argon, Makwa, scrypt etc.) you will normally need further random number, means you will need further entropy. Better is to us this entropy in DRBG directly.

If DRBG is secure and accepts sufficiently long input/seed, collect sufficient entropy, e.g. 128 bit, and use pure DRBG.

0 + 0
Andy avatar
pe flag
Andy
Yes, entropy source are from TRNG and use secure DRBG.
0
Reply
kr flag
mentallurg
@Andy: Then just collect sufficient entropy (depending on what you consider secure for your purpose, e.g. 128 bit), and use pure DRBG.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.