Popis: |
Password-Based Key Derivation Function 2 (PBKDF2) is widely used cryptographic algorithm in order to generate secure keys to a password in various occasions. For example, it is used for file encryption and implementation of authentication systems, and so on. However, the generated derived key has a lower entropy than a general cryptography key, so its use is limited. To compensate for this the number of iteration counts of PBKDF2 should be increased. As the number of repetitive tasks increases, the entropy of the derived key increases, but it takes more time to generate the derived key. We present various optimization methods of PBKDF2. The main idea of our proposed method is reducing redundant block operations and optimizing the internal process of underlying Pseudo Random Function (PRF). In other words, we integrate several redundant operations and make full use of constant values used in PBKDF2. We use two HMAC algorithms: one using SHA-2 family and one using LSH family as the PRF of PBKDF2 (SHA-2 family is the most widely used hash functions, and LSH family is the latest hash function recently developed in South Korea). With our techniques, our implementations outperform Korea Internet & Security Agency (KISA) implementation by 121.26%, 325.91%, and 231.89% for using SHA256, LSH256, and LSH512 respectively; and also outperform OpenSSL implementation by 39.59% using SHA512. In addition, we show that the internal process of PBKDF2 can be computed independently. With our multi thread technique, our PBKDF2 implementations outperform KISA implementation by 2,152.66%, 1,986.85%, and 1,591.36% for using SHA256, LSH256, and LSH512 respectively; and our PBKDF2-HMAC-SHA512 implementation outperforms OpenSSL implementation by 523.57%. With our proposed implementation techniques, higher security can be achieved with more iteration operations. Furthermore, our optimization techniques can be easily expanded to optimize the performance of PBKDF2 on GPGPU and embedded devices. |