Score:-1

Crypto

Can I use many iterations of HMAC function instead of PBKDF2?

Murrchalkina

2/26/24, 1:36 PM

I know, that PBKDF2 uses HMAC with SHA2 function as PRF. But.. can I use many iterations of HMAC with SHA2 directly? Is this effective and securely? P.S I need the best function, but I can’t use bcrypt, argon, pbkdf2.

1 + 13

hmac

pbkdf-2

fgrieu

2/26/24, 2:19 PM

[PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) is many iterations of HMAC, arranged in a certain way. If you can use many iterations of HMAC, and can decide how, then you can build PBKDF2. Not that it can give "the best function", which requires memory and a [memory-hard](https://en.wikipedia.org/wiki/Memory-hard_function) construction.

samuel-lucas6

2/26/24, 4:00 PM

The alternative is [Balloon](https://crypto.stanford.edu/balloon/), which would be more secure but is [very underspecified](https://github.com/RustCrypto/password-hashes/pull/232).

Murrchalkina

2/26/24, 4:08 PM

@fgrieu Can you suggest best function? Could it be ECC with nistp256 curve? I heard, that it’s secured. What do you think?

Murrchalkina

2/26/24, 4:10 PM

@samuel-lucas6 I can’t use functions like that. I need “default” functions.. Functions, which have implementation in many languages without using user’s libraries

fgrieu

2/26/24, 4:21 PM

PBKDF2 (or nearly equivalently iterations of HMAC) pursue different objectives than "ECC with nistp256 curve". Asking which one to uses without context is like asking; tricycle or glider? Addition: PBKDF2 is a purposely slow key derivation function, sometime used for entropy stretching (but poor at that). "ECC with nistp256 curve" is for things like signature, or public-key encryption, or key exchange.

Murrchalkina

2/26/24, 4:28 PM

@fgrieu But anyway, these are hash functions. I need speed and safety. I understand that they are used for different purposes, but nevertheless, what will be effective for my requirements?

mentallurg

2/26/24, 4:52 PM

@Murrchalkina: *"what will be effective for my requirements"* - What requirements you mean? You have not defined any single requirement.

mentallurg

2/26/24, 5:05 PM

@Murrchalkina: *"Functions, which have implementation in many languages without using user’s libraries"* - What makes you think that SHA2 is available without using libraries? You **contradict to yourself** when you use user library for SHA2, but don't want to use PBKDF2 because it is in the user library.

Murrchalkina

2/26/24, 6:00 PM

I use c# and sha256 is available in system lib. Other functions like bcrypt and other - doesn’t support in system lib

SAI Peregrinus

2/26/24, 6:17 PM

What are you trying to do? Do you need to authenticate a user with a password? If so, building PBKDF2 out of HMACs is a "minimum viable" choice, though nowhere near as good as a memory-hard password hashing function. The restriction on available libraries is very strange.

samuel-lucas6

2/26/24, 6:18 PM

@Murrchalkina I use C# as well and PBKDF2 is [here](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes?view=net-7.0), just specify HMAC-SHA-2 instead of using the default HMAC-SHA-1. I mentioned Balloon because it can be implemented using a hash function, although I wouldn't recommend trying until you're more experienced.

Maarten Bodewes

2/27/24, 2:47 AM

Well, you could use PBKDF1 as implemented by `PasswordDeriveBytes` instead (also a horrid name), sanity, consistency, principle of least surprise and security be damned. It also relies on HMAC :P Anyway for both PBKDF1 (just joking, do not use) and PBKDF2, **do not** ask for more bits/bytes than the output size of the hash function used!

Maarten Bodewes

2/27/24, 2:50 AM

I've voted down. We could describe an algorithm here, but I guess if we'd name it it would get on the list of prohibited algorithms.

Score:1

Crypto

Meir Maor

2/27/24, 2:48 PM

If you can't use an existing secure key derivation function but do have access to a SHA2 primitive, you can implement pbkdf2 yourself. It's not as good as using an existing trusted implementation and definetly inferior to modern memory hard functions but still better than a general lets iterate one way or another.

PBKDF2 is fairly simple to implemet but still has some key details, like using a salt and mixing in the input repeatedly.

+ 2

samuel-lucas6

2/27/24, 6:08 PM

The thing is he does appear to have access to PBKDF2, so there's no need to implement anything. He's using the C# System.Security.Cryptography namespace, which offers PBKDF2.

Meir Maor

2/28/24, 12:18 PM

I missed that, I only read the question which stated can't use PBKDF2, I took it at face value. I explictly stated using a well understood trusted implementation is superior.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can I use many iterations of HMAC function instead of PBKDF2?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.