Is it safe to use PBKDF2 with SHA256 to generate 128-bit AES keys?


Question

I want to use PBKDF2 with some cryptographic hash function to generate 128-bit AES keys. SHA1 is also 128-bit, so I thought of using that with PBKDF2, but it was broken, so I have opted to use SHA256 instead. Is this safe, or will the difference between the hash size and resulting key size cause some sort of disastrous silent truncation that will render the AES keys weak? Should I just have it generate 256-bit keys for AES instead?

Recommended answer

While SHA-1 is "broken", most reasonable systems only use the HMAC version, which is stronger and probably still fine. That said, newer protocols like TLS 1.2 are using at least SHA-256 for their Pseudo-Random Function (PRF).

You should be ok truncating the result down to the size you need (as most PRFs do). Some prior discussion is available on this question.

In terms of key length, see keylength.com. You want to make sure you're consistent in how you're using each primitive.
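The truncation the answer describes, as an added example that is not part of the original post: PBKDF2 with HMAC-SHA256 is written out by hand following RFC 8018 and compared with Python's `hashlib.pbkdf2_hmac`, showing that a 128-bit key is simply the leftmost 16 bytes of the first 32-byte output block. The password, salt and iteration count are constructed sample values, and the iteration count is kept low only so the hand-written loop runs quickly.

```python
import hashlib
import hmac
import struct


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF, written out step by step."""
    hlen = hashlib.sha256().digest_size      # 32 bytes produced per output block
    blocks = -(-dklen // hlen)               # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(password, salt || INT_32_BE(i))
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = PRF(password, U_{j-1}); the block T_i is the XOR of all U_j
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    # The only truncation in PBKDF2: keep the leftmost dklen bytes.
    return out[:dklen]


def derive_keys(password: bytes, salt: bytes, iterations: int):
    """Derive a 128-bit and a 256-bit key with the standard library."""
    key128 = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=16)
    key256 = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    return key128, key256


# Constructed sample inputs (assumptions for this example only).
PASSWORD = b"correct horse battery staple"
SALT = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
ITERATIONS = 10_000  # low, for a fast demonstration

if __name__ == "__main__":
    k128, k256 = derive_keys(PASSWORD, SALT, ITERATIONS)
    print("AES-128 key :", k128.hex())
    print("AES-256 key :", k256.hex())
    print("128-bit key is a prefix of the 256-bit output:", k256.startswith(k128))
    print("hand-written PBKDF2 agrees:",
          pbkdf2_sha256(PASSWORD, SALT, ITERATIONS, 16) == k128)
```

Because the 128-bit key is a prefix of the 256-bit output for the same password, salt and iteration count, keys of different lengths meant for different purposes should be derived with different salts. Requesting more than 32 bytes makes the loop compute a second block, doubling the derivation cost.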
