PBKDF2WithHmacSHA256密钥长度对输出长度的影响 [英] PBKDF2WithHmacSHA256 impact of key length to the output length

问题描述

考虑以下Java代码:

Consider the following java code:

KeySpec spec = new PBEKeySpec("pass".toCharArray(), "salt".getBytes(),
    10000, 512);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
System.out.println(f.generateSecret(spec).getEncoded().length);

此代码输出" 64 ".所以是64个字节，而SHA-256是32个字节的哈希.

This code outputs "64". So 64 bytes, while SHA-256 is a 32 byte hash.

我知道我指定了512位(64字节)作为密钥长度.
但是，我会期望(PBKDF2)将由SHA-256进行哈希处理，因此输出应始终为32个字节，而不管我使用的密钥大小如何.

I know I specified 512 bits (64 byte) as the key length.
However I would expect that the generated key (PBKDF2) will be hashed by SHA-256 so that the output should always be 32 bytes, irrespective what key size I am using.

我所缺少的(或者为什么我的期望是错误的)?

What I am missing (or why are my expectations wrong)?

推荐答案

我们可以将PBKDF编写为 DK = PBKDF2(PRF，Password，Salt，c，dkLen)

We can write PBKDF as DK = PBKDF2(PRF, Password, Salt, c, dkLen)

• PRF 是伪随机函数，输出长度为 hlen
• dkLen 是派生密钥的所需位长
• 'c'是迭代次数

• PRF is pseudorandom function with output length hlen
• dkLen is the desired bit-length of the derived key
• 'c' is the number of iterations

计算方式；

DK = T1 ‖ T2 ‖ ... ‖ T_{dklen/hlen}

其中 Ti = F(密码，盐，c，i)，并且每个都有 hlen 大小.

Where Ti = F(Password, Salt, c, i) and each has hlen sizes.

F(Password, Salt, c, i) = U1 ⊕ U2 ⊕ ... ⊕ Uc

和

U1 = PRF(Password, Salt + INT_32_BE(i))
U2 = PRF(Password, U1)
...
Uc = PRF(Password, Uc-1)

dklen 最多为后端哈希(PRF)输出大小的2 ^ 32-1倍.

The dklen can be at most 2^32 - 1 times the size of the output of the backend hash (PRF).

，只需对32位编码值的 i 进行盐修饰，PBKDF2就可以输出多个 hlen 输出.

as you can see, with little modification of the salt with 32-bit encoded value of i, PBKDF2 can output multiple hlen outputs.

这篇关于PBKDF2WithHmacSHA256密钥长度对输出长度的影响的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！