List of PBKDF2 implementations

Last updated

List of software that implements or uses the PBKDF2 key derivation standard.

Contents

Implementations

Systems that use PBKDF2

Disk encryption software

Related Research Articles

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

<span class="mw-page-title-main">/dev/random</span> Pseudorandom number generator file in Unix-like operating systems

In Unix-like operating systems, /dev/random and /dev/urandom are special files that serve as cryptographically secure pseudorandom number generators. They allow access to environmental noise collected from device drivers and other sources. /dev/random typically blocked if there was less entropy available than requested; more recently it usually blocks at startup until sufficient entropy has been gathered, then unblocks permanently. The /dev/urandom device typically was never a blocking device, even if the pseudorandom number generator seed was not fully initialized with entropy since boot. Not all operating systems implement the same methods for /dev/random and /dev/urandom.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

<span class="mw-page-title-main">TrueCrypt</span> Discontinued source-available disk encryption utility

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device.

Disk encryption software is computer security software that protects the confidentiality of data stored on computer media by using disk encryption.

<span class="mw-page-title-main">Password Safe</span> Free password manager by Bruce Schneier

Password Safe is a free and open-source password manager program originally written for Microsoft Windows but supporting wide area of operating systems with compatible clients available for Linux, FreeBSD, Android, IOS, BlackBerry and other operating systems as well.

Crypto API is a cryptography framework in the Linux kernel, for various parts of the kernel that deal with cryptography, such as IPsec and dm-crypt. It was introduced in kernel version 2.5.45 and has since expanded to include essentially all popular block ciphers and hash functions.

In Unix computing, crypt or enigma is a utility program used for encryption. Due to the ease of breaking it, it is considered to be obsolete.

In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking, and key stretching is intended to make such attacks more difficult by complicating a basic step of trying a single password candidate. Key stretching also improves security in some real-world applications where the key length has been constrained, by mimicking a longer key length from the perspective of a brute-force attacker.

The Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and originally intended for Linux.

This is a technical feature comparison of different disk encryption software.

dm-crypt is a transparent block device encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper (dm) infrastructure, and uses cryptographic routines from the kernel's Crypto API. Unlike its predecessor cryptoloop, dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. In addition to that, dm-crypt addresses some reliability problems of cryptoloop.

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using the Advanced Encryption Standard (AES).

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

Mbed TLS is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

crypt is a POSIX C library function. It is typically used to compute the hash of user account passwords. The function outputs a text string which also encodes the salt, and identifies the hash algorithm used. This output string forms a password record, which is usually stored in a text file.

<span class="mw-page-title-main">VeraCrypt</span> Free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

In cryptography, a pepper is a secret added to an input such as a password during hashing with a cryptographic hash function. This value differs from a salt in that it is not stored alongside a password hash, but rather the pepper is kept separate in some other medium, such as a Hardware Security Module. Note that the National Institute of Standards and Technology never refers to this value as a pepper but rather as a secret salt. A pepper is similar in concept to a salt or an encryption key. It is like a salt in that it is a randomized value that is added to a password hash, and it is similar to an encryption key in that it should be kept secret.

References

  1. "Authentication and authorisation in GRUB".
  2. "Windows Data Protection". NAI Labs, Network Associates, Inc.; Microsoft Corporation. October 2001. Archived from the original on 2007-04-16.
  3. "AES Coding Tips for Developers". WinZip. 2008-07-21. Retrieved 2013-09-07.
  4. "BRG Main SIte". Winzip.com. Retrieved 2013-09-07.
  5. Black, Crystal (2015-03-10). "Keeper: A Fresh Look At Password Management And Data Security". Techaeris. Retrieved 2015-04-16.
  6. "Security". LastPass: How We Do It. LastPass . Retrieved 2013-06-13.
  7. "LastPass Security Notification". LastPass. 2011-05-04. Archived from the original on 2012-05-07. Retrieved 2013-06-13.
  8. "Defending against crackers, PBKDF2". Agilebits, Inc. 2014. Retrieved 2014-11-14.
  9. "Enpass Security Whitepaper, PBKDF2". Sinew Software Systems Pvt Ltd. 2018. Retrieved 2018-12-05.
  10. "Our security model in a nutshell". Dashlane, Inc. 2014. Retrieved 2014-03-09.
  11. "Protection of User Data in Dashlane" (PDF). Dashlane Security Whitepaper. Dashlane, Inc. November 2011. Retrieved 2014-03-09.
  12. "What encryption is being used? | Bitwarden Help & Support". help.bitwarden.com. Retrieved 2019-09-21.
  13. "How does Standard Notes secure my notes?". standardnotes.com. Retrieved 2020-01-07.
  14. iOS security Archived 2012-10-21 at the Wayback Machine , May 2012, Apple inc.
  15. "How Django stores passwords". Django 1.4 documentation. 2012-03-23. Retrieved 31 July 2012.
  16. Odoo Security
  17. Encrypt/decrypt using block ciphers, Programmer’s Reference Guide of Zend Framework 2.
  18. Worldwide. "Cisco Security Response: Cisco IOS and Cisco IOS XE Type 4 Passwords Issue". Tools.cisco.com. Retrieved 2013-09-07.
  19. Dan Callahan (2014-04-30). "Firefox Sync's New Security Model". Mozilla Cloud Services. Mozilla. Retrieved 2015-07-16.
  20. Notes on the implementation of encryption in Android 3.0 Archived 2013-05-22 at the Wayback Machine , September 2012, Android Open Source Project.
  21. https://events.ccc.de/congress/2006/Fahrplan/attachments/1244-23C3VileFault.pdf [ bare URL PDF ]
  22. "Header Key Derivation, Salt, and Iteration Count". TrueCrypt User’s Guide. TrueCrypt Foundation. 2012-02-07. Retrieved 2013-06-08.
  23. "Header Key Derivation, Salt, and Iteration Count". VeraCrypt Documentation. IDRIX. Retrieved 2017-10-16.
  24. "CipherShed User's Guide, Technical Details" (PDF). CipherShed User’s Guide. CipherShed Project. 2014-12-19. Retrieved 2014-12-27.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.