5.1. PBKDF1

PBKDF1 applies a hash function, which shall be MD2 [RFC1319], MD5 [RFC1321], or SHA-1 [NIST180], to derive keys. The length of the derived key is bounded by the length of the hash function output, which is 16 octets for MD2 and MD5 and 20 octets for SHA-1. PBKDF1 is compatible with the key derivation process in PKCS #5 v1.5 [PKCS5_15].

PBKDF1 is recommended only for compatibility with existing applications since the keys it produces may not be large enough for some applications.

PBKDF1 (P, S, c, dkLen)

Options:

  • Hash: underlying hash function

Input:

  • P: password, an octet string
  • S: salt, an octet string
  • c: iteration count, a positive integer
  • dkLen: intended length in octets of derived key, a positive integer, at most 16 for MD2 or MD5 and 20 for SHA-1

Output:

  • DK: derived key, a dkLen-octet string

Steps:

  1. If dkLen > 16 for MD2 and MD5, or dkLen > 20 for SHA-1, output "derived key too long" and stop.

  2. Apply the underlying hash function Hash for c iterations to the concatenation of the password P and the salt S, then extract the first dkLen octets to produce a derived key DK:

    T_1 = Hash (P || S) ,
    T_2 = Hash (T_1) ,
    ...
    T_c = Hash (T_{c-1}) ,
    DK = T_c<0..dkLen-1>

  3. Output the derived key DK.
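The steps above, written out in Python as an added example (it is not part of the specification text). It shows the hash chain and the step 1 length check that makes PBKDF1 unable to produce, for instance, a 32-octet key. Assumptions: the names `pbkdf1`, `HASH_LEN` and `fits_key_size` are chosen here for illustration, the sample password and salt are constructed, and MD2 is left out because Python's `hashlib` does not reliably provide it.

```python
import hashlib

# Output length in octets of the hash functions handled here.
# The text also permits MD2 (16 octets); it is omitted in this example.
HASH_LEN = {"md5": 16, "sha1": 20}


def pbkdf1(password: bytes, salt: bytes, c: int, dk_len: int,
           hash_name: str = "sha1") -> bytes:
    """Derive dk_len octets from password and salt as in steps 1 to 3."""
    if hash_name not in HASH_LEN:
        raise ValueError("unsupported hash function")
    if c < 1 or dk_len < 1:
        raise ValueError("c and dkLen must be positive integers")

    # Step 1: the derived key cannot be longer than one hash output.
    if dk_len > HASH_LEN[hash_name]:
        raise ValueError("derived key too long")

    # Step 2: T_1 = Hash(P || S), then T_i = Hash(T_{i-1}) up to T_c.
    t = hashlib.new(hash_name, password + salt).digest()
    for _ in range(c - 1):
        t = hashlib.new(hash_name, t).digest()

    # Step 3: DK is the first dkLen octets of T_c.
    return t[:dk_len]


def fits_key_size(dk_len: int, hash_name: str) -> bool:
    """Return True if PBKDF1 can produce a key of dk_len octets."""
    try:
        pbkdf1(b"constructed-password", b"8octsalt", 1, dk_len, hash_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample input, for illustration only.
    dk = pbkdf1(b"constructed-password", b"8octsalt", 1000, 16, "sha1")
    print("16-octet key:", dk.hex())
    for size in (16, 20, 24, 32):
        print(size, "octets with SHA-1 possible:", fits_key_size(size, "sha1"))
```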