Score:-1

Can I use many iterations of HMAC function instead of PBKDF2?


I know that PBKDF2 uses HMAC with a SHA2 function as the PRF. But can I use many iterations of HMAC with SHA2 directly? Is this effective and secure? P.S. I need the best function, but I can’t use bcrypt, Argon, or PBKDF2.

fgrieu
[PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) is many iterations of HMAC, arranged in a certain way. If you can use many iterations of HMAC, and can decide how, then you can build PBKDF2. Not that it can give "the best function", which requires memory and a [memory-hard](https://en.wikipedia.org/wiki/Memory-hard_function) construction.
samuel-lucas6
The alternative is [Balloon](https://crypto.stanford.edu/balloon/), which would be more secure but is [very underspecified](https://github.com/RustCrypto/password-hashes/pull/232).
Murrchalkina
@fgrieu Can you suggest the best function? Could it be ECC with the nistp256 curve? I heard that it’s secure. What do you think?
Murrchalkina
@samuel-lucas6 I can’t use functions like that. I need “default” functions. Functions, which have implementation in many languages without using user’s libraries.
fgrieu
PBKDF2 (or nearly equivalently iterations of HMAC) pursues different objectives than "ECC with nistp256 curve". Asking which one to use without context is like asking: tricycle or glider? Addition: PBKDF2 is a purposely slow key derivation function, sometimes used for entropy stretching (but poor at that). "ECC with nistp256 curve" is for things like signature, or public-key encryption, or key exchange.
Murrchalkina
@fgrieu But anyway, these are hash functions. I need speed and safety. I understand that they are used for different purposes, but nevertheless, what will be effective for my requirements?
@Murrchalkina: *"what will be effective for my requirements"* - What requirements do you mean? You have not defined a single requirement.
@Murrchalkina: *"Functions, which have implementation in many languages without using user’s libraries"* - What makes you think that SHA2 is available without using libraries? You **contradict yourself** when you use a user library for SHA2, but don't want to use PBKDF2 because it is in the user library.
Murrchalkina
I use C# and SHA256 is available in the system lib. Other functions like bcrypt and others aren’t supported in the system lib.
SAI Peregrinus
What are you trying to do? Do you need to authenticate a user with a password? If so, building PBKDF2 out of HMACs is a "minimum viable" choice, though nowhere near as good as a memory-hard password hashing function. The restriction on available libraries is very strange.
samuel-lucas6
@Murrchalkina I use C# as well and PBKDF2 is [here](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes?view=net-7.0), just specify HMAC-SHA-2 instead of using the default HMAC-SHA-1. I mentioned Balloon because it can be implemented using a hash function, although I wouldn't recommend trying until you're more experienced.
Maarten Bodewes
Well, you could use PBKDF1 as implemented by `PasswordDeriveBytes` instead (also a horrid name), sanity, consistency, principle of least surprise and security be damned. It also relies on HMAC :P Anyway for both PBKDF1 (just joking, do not use) and PBKDF2, **do not** ask for more bits/bytes than the output size of the hash function used!
Maarten Bodewes
I've voted down. We could describe an algorithm here, but I guess if we'd name it it would get on the list of prohibited algorithms.
Score:1

If you can't use an existing secure key derivation function but do have access to a SHA2 primitive, you can implement PBKDF2 yourself. It's not as good as using an existing trusted implementation and definitely inferior to modern memory-hard functions, but still better than a general "let's iterate one way or another".

PBKDF2 is fairly simple to implement but still has some key details, like using a salt and mixing in the input repeatedly.

samuel-lucas6
The thing is he does appear to have access to PBKDF2, so there's no need to implement anything. He's using the C# System.Security.Cryptography namespace, which offers PBKDF2.
Meir Maor
I missed that, I only read the question which stated can't use PBKDF2, I took it at face value. I explicitly stated using a well understood trusted implementation is superior.
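
The construction discussed in the answer above, as an added example (not code from any of the posts): PBKDF2 built only from HMAC-SHA-256, showing where the salt enters and how the password keys every round. The function names, the 16-byte salt and the default iteration count are assumptions for illustration; a platform's built-in PBKDF2 remains preferable where one exists.

```python
import hashlib
import hmac
import os

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def _block(password: bytes, salt: bytes, iterations: int, index: int) -> bytes:
    """F(P, S, c, i) from the PBKDF2 definition: U_1 xor U_2 xor ... xor U_c."""
    # U_1 = HMAC(P, S || INT(i)): the salt and the block index enter here.
    u = hmac.new(password, salt + index.to_bytes(4, "big"), hashlib.sha256).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        # U_j = HMAC(P, U_{j-1}): the password is the HMAC key in every round,
        # which is the "mixing in the input repeatedly" detail.
        u = hmac.new(password, u, hashlib.sha256).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(HASH_LEN, "big")


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int,
                       dk_len: int = HASH_LEN) -> bytes:
    if iterations < 1 or dk_len < 1:
        raise ValueError("iterations and dk_len must be positive")
    # Each extra block repeats the whole loop, so requesting more than
    # HASH_LEN bytes costs the defender more without slowing a guesser
    # who only needs the first block (the caveat raised in the comments).
    blocks = -(-dk_len // HASH_LEN)  # ceiling division
    out = b"".join(_block(password, salt, iterations, i)
                   for i in range(1, blocks + 1))
    return out[:dk_len]


def hash_password(password: str, iterations: int = 600_000):
    """Return (salt, iterations, hash). The default count is an example
    value; tune it to the slowest delay your login path can tolerate."""
    salt = os.urandom(16)  # fresh random salt per password
    return salt, iterations, pbkdf2_hmac_sha256(password.encode(), salt, iterations)


def verify_password(password: str, salt: bytes, iterations: int,
                    expected: bytes) -> bool:
    got = pbkdf2_hmac_sha256(password.encode(), salt, iterations, len(expected))
    return hmac.compare_digest(got, expected)  # constant-time comparison
```

Store the salt and iteration count alongside the hash so the count can be raised later without invalidating existing records.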