Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PBKDF2-HMAC-SHA2 test vectors

Tags:

There are test vectors for PBKDF2-HMAC-SHA1 in RFC6070. There are test vectors for HMAC-SHA2 in RFC4231.

But so far I haven't found test vectors for PBKDF2-HMAC-SHA2 anywhere.

I'm most interested in SHA256, so I'll post some vectors I calculated with my implementation. I'd be happy if someone could verify/confirm them, or contribute their own.

like image 616
Christian Aichinger Avatar asked Feb 26 '11 23:02

Christian Aichinger


People also ask

What is PBKDF2 HMAC SHA256?

The PBKDF2-HMAC-SHA256 Password Storage Scheme provides a mechanism for encoding user passwords using the PBKDF2-HMAC-SHA256 message digest algorithm. This scheme contains an implementation for the user password syntax, with a storage scheme name of "PBKDF2-HMAC-SHA256".

What is PBKDF2 with HMAC SHA1?

PBKDF2 is a widely used method to derive a key of given length based on a given password, salt and number of iterations. In this case it specifically uses HMAC with the SHA-1 hash function, which is the default as per RFC2898.

Is PBKDF2 HMAC SHA1 secure?

But PBKDF2-HMAC-SHA1 is fine. Also standard HMAC use has not been compromised, but again, longer hashes are in principle more secure in that scenario.

What is PBKDF2 used for?

PBKDF2 (Password Based Key Derivation Function 2) is typically used for deriving a cryptographic key from a password. It may also be used for key storage, but an alternate key storage KDF such as Scrypt is generally considered a better solution.


2 Answers

I implemented PBKDF2 using the standard hashlib and hmac modules in Python and checked the output against both the RFC 6070 vectors and the vectors you posted – it matches.

Here are the vectors I get with a larger dkLen to match the larger digest output size. This is the output of pbkdf2-test-vectors.py sha256, which takes about 10 minutes to run.

PBKDF2 HMAC-SHA256 Test Vectors  Input:   P = "password" (8 octets)   S = "salt" (4 octets)   c = 1   dkLen = 32  Output:   DK = 12 0f b6 cf fc f8 b3 2c        43 e7 22 52 56 c4 f8 37        a8 65 48 c9 2c cc 35 48        08 05 98 7c b7 0b e1 7b (32 octets)   Input:   P = "password" (8 octets)   S = "salt" (4 octets)   c = 2   dkLen = 32  Output:   DK = ae 4d 0c 95 af 6b 46 d3        2d 0a df f9 28 f0 6d d0        2a 30 3f 8e f3 c2 51 df        d6 e2 d8 5a 95 47 4c 43 (32 octets)   Input:   P = "password" (8 octets)   S = "salt" (4 octets)   c = 4096   dkLen = 32  Output:   DK = c5 e4 78 d5 92 88 c8 41        aa 53 0d b6 84 5c 4c 8d        96 28 93 a0 01 ce 4e 11        a4 96 38 73 aa 98 13 4a (32 octets)   Input:   P = "password" (8 octets)   S = "salt" (4 octets)   c = 16777216   dkLen = 32  Output:   DK = cf 81 c6 6f e8 cf c0 4d        1f 31 ec b6 5d ab 40 89        f7 f1 79 e8 9b 3b 0b cb        17 ad 10 e3 ac 6e ba 46 (32 octets)   Input:   P = "passwordPASSWORDpassword" (24 octets)   S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)   c = 4096   dkLen = 40  Output:   DK = 34 8c 89 db cb d3 2b 2f        32 d8 14 b8 11 6e 84 cf        2b 17 34 7e bc 18 00 18        1c 4e 2a 1f b8 dd 53 e1        c6 35 51 8c 7d ac 47 e9 (40 octets)   Input:   P = "pass\0word" (9 octets)   S = "sa\0lt" (5 octets)   c = 4096   dkLen = 16  Output:   DK = 89 b6 9d 05 16 f8 29 89        3c 69 62 26 65 0a 86 87 (16 octets) 
like image 130
aaz Avatar answered Nov 10 '22 00:11

aaz


Test vectors for PBKDF2-HMAC-SHA256:

Input values were taken from RFC6070; c is the number of rounds.

Input:  P = "password" (8 octets)  S = "salt" (4 octets)  c = 1  dkLen = 20 Output:  DK = 12 0f b6 cf fc f8 b3 2c 43 e7 22 52 56 c4 f8 37 a8 65 48 c9   Input:  P = "password" (8 octets)  S = "salt" (4 octets)  c = 2  dkLen = 20 Output:  DK = ae 4d 0c 95 af 6b 46 d3 2d 0a df f9 28 f0 6d d0 2a 30 3f 8e   Input:  P = "password" (8 octets)  S = "salt" (4 octets)  c = 4096  dkLen = 20 Output:  DK = c5 e4 78 d5 92 88 c8 41 aa 53 0d b6 84 5c 4c 8d 96 28 93 a0   Input:  P = "password" (8 octets)  S = "salt" (4 octets)  c = 16777216  dkLen = 20 Output:  DK = cf 81 c6 6f e8 cf c0 4d 1f 31 ec b6 5d ab 40 89 f7 f1 79 e8   Input:  P = "passwordPASSWORDpassword" (24 octets)  S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)  c = 4096  dkLen = 25 Output:  DK = 34 8c 89 db cb d3 2b 2f 32 d8 14 b8 11 6e 84 cf       2b 17 34 7e bc 18 00 18 1c   Input:  P = "pass\0word" (9 octets)  S = "sa\0lt" (5 octets)  c = 4096  dkLen = 16 Output:  DK = 89 b6 9d 05 16 f8 29 89 3c 69 62 26 65 0a 86 87 
like image 21
Christian Aichinger Avatar answered Nov 10 '22 00:11

Christian Aichinger