List of PBKDF2 implementations

Last updated

List of software that implements or uses the PBKDF2 key derivation standard.

Contents

Implementations

Systems that use PBKDF2

Disk encryption software

Related Research Articles

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

passwd Tool to change passwords on Unix-like OSes

passwd is a command on Unix, Plan 9, Inferno, and most Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons.

<span class="mw-page-title-main">/dev/random</span> Pseudorandom number generator file in Unix-like operating systems

In Unix-like operating systems, /dev/random and /dev/urandom are special files that serve as cryptographically secure pseudorandom number generators (CSPRNGs). They allow access to a CSPRNG that is seeded with entropy from environmental noise, collected from device drivers and other sources. /dev/random typically blocked if there was less entropy available than requested; more recently it usually blocks at startup until sufficient entropy has been gathered, then unblocks permanently. The /dev/urandom device typically was never a blocking device, even if the pseudorandom number generator seed was not fully initialized with entropy since boot. Not all operating systems implement the same methods for /dev/random and /dev/urandom.

Disk encryption software is a computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

<span class="mw-page-title-main">Password Safe</span> Free password manager by Bruce Schneier

Password Safe is a free and open-source password manager program originally written for Microsoft Windows but supporting a wide array of operating systems, with compatible clients available for Linux, FreeBSD, Android, IOS, BlackBerry and other operating systems.

Crypto API is a cryptography framework in the Linux kernel, for various parts of the kernel that deal with cryptography, such as IPsec and dm-crypt. It was introduced in kernel version 2.5.45 and has since expanded to include essentially all popular block ciphers and hash functions.

The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

This is a technical feature comparison of different disk encryption software.

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

An AES instruction set is a set of instructions that are specifically designed to perform AES encryption and decryption operations efficiently. These instructions are typically found in modern processors and can greatly accelerate AES operations compared to software implementations. An AES instruction set includes instructions for key expansion, encryption, and decryption using various key sizes.

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

Mbed TLS is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

<span class="mw-page-title-main">VeraCrypt</span> Free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

<span class="mw-page-title-main">Bitwarden</span> Open-source password manager


Bitwarden is a freemium open-source password management service that stores sensitive information, such as website credentials, in an encrypted vault. The platform offers a variety of client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. Bitwarden offers a free US or European cloud-hosted service as well as the ability to self-host.

References

  1. "Authentication and authorisation in GRUB".
  2. "Windows Data Protection". NAI Labs, Network Associates, Inc.; Microsoft Corporation. October 2001. Archived from the original on 2007-04-16.
  3. "AES Coding Tips for Developers". WinZip. 2008-07-21. Retrieved 2013-09-07.
  4. "BRG Main SIte". Winzip.com. Retrieved 2013-09-07.
  5. Black, Crystal (2015-03-10). "Keeper: A Fresh Look At Password Management And Data Security". Techaeris. Retrieved 2015-04-16.
  6. "Security". LastPass: How We Do It. LastPass . Retrieved 2013-06-13.
  7. "LastPass Security Notification". LastPass. 2011-05-04. Archived from the original on 2012-05-07. Retrieved 2013-06-13.
  8. "Defending against crackers, PBKDF2". Agilebits, Inc. 2014. Retrieved 2014-11-14.
  9. "Enpass Security Whitepaper, PBKDF2". Sinew Software Systems Pvt Ltd. 2018. Retrieved 2018-12-05.
  10. "Our security model in a nutshell". Dashlane, Inc. 2014. Retrieved 2014-03-09.
  11. "Protection of User Data in Dashlane" (PDF). Dashlane Security Whitepaper. Dashlane, Inc. November 2011. Retrieved 2014-03-09.
  12. "What encryption is being used? | Bitwarden Help & Support". help.bitwarden.com. Retrieved 2019-09-21.
  13. "How does Standard Notes secure my notes?". standardnotes.com. Retrieved 2020-01-07.
  14. iOS security Archived 2012-10-21 at the Wayback Machine , May 2012, Apple inc.
  15. "How Django stores passwords". Django 1.4 documentation. 2012-03-23. Retrieved 31 July 2012.
  16. Odoo Security
  17. Encrypt/decrypt using block ciphers, Programmer’s Reference Guide of Zend Framework 2.
  18. Worldwide. "Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue". Tools.cisco.com. Retrieved 2013-09-07.
  19. Dan Callahan (2014-04-30). "Firefox Sync's New Security Model". Mozilla Cloud Services. Mozilla. Retrieved 2015-07-16.
  20. Notes on the implementation of encryption in Android 3.0 Archived 2013-05-22 at the Wayback Machine , September 2012, Android Open Source Project.
  21. https://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf [ bare URL PDF ]
  22. "Header Key Derivation, Salt, and Iteration Count". TrueCrypt User’s Guide. TrueCrypt Foundation. 2012-02-07. Retrieved 2013-06-08.
  23. "Header Key Derivation, Salt, and Iteration Count". VeraCrypt Documentation. IDRIX. Retrieved 2017-10-16.
  24. "CipherShed User's Guide, Technical Details" (PDF). CipherShed User’s Guide. CipherShed Project. 2014-12-19. Retrieved 2014-12-27.