Funksionet e Derivimit të Çelësit

Mesatar 12 min Kriptografia

Hyrje

A Key Derivation Function (KDF) takes a low-entropy input like a password and stretches it into a cryptographic key of the required length and strength.

Teoria

You cannot use a user password directly as an AES key: passwords are short, have patterns and are attackable with brute force. A KDF adds two protections. First, it mixes in a random salt so that the same password produces different keys for different users, defeating precomputed rainbow tables. Second, it repeats an expensive operation many times (or uses memory) so that even an attacker with GPUs or ASICs spends significant resources per guess. PBKDF2 is the oldest widely deployed KDF and is fine if configured with enough iterations (600,000+ for HMAC-SHA256 as of 2024 OWASP guidance). Scrypt and Argon2 are better: they are memory-hard, which means an attacker cannot cheaply parallelize attacks on GPU or ASIC hardware. Argon2id (the hybrid variant) won the 2015 Password Hashing Competition and is the current best practice for both password hashing and password-based key derivation. For keys derived from high-entropy input (random bytes, Diffie-Hellman shared secrets), a KDF like HKDF (HMAC-based KDF, RFC 5869) is the right choice. HKDF is fast because the input is already strong; it only needs to extract and expand the entropy, not stretch a weak password.

Mjetet

KDF-të moderne:

  • Argon2id — fituesi i Password Hashing Competition (2015).
  • scrypt — memory-hard, i përdorur nga Bitcoin, Litecoin.
  • bcrypt — i vjetër por ende i pranueshëm.
  • PBKDF2 — standardi FIPS, por GPU-friendly.

Praktika

Argon2id në PHP (PHP 7.2+):

$hash = password_hash($pwd, PASSWORD_ARGON2ID, [
    'memory_cost' => 65536, // 64 MB
    'time_cost'   => 4,
    'threads'     => 2,
]);
if (password_verify($input, $hash)) { /* ok */ }

Në Python me argon2-cffi:

from argon2 import PasswordHasher
ph = PasswordHasher(memory_cost=65536, time_cost=4, parallelism=2)
h = ph.hash('fjalekalim')
ph.verify(h, 'fjalekalim')

Ushtrime

  1. Benchmark kohët e verifikimit për bcrypt (cost 10, 12, 14).
  2. Shpjego pse SHA-256 për passwords është i gabuar.

Burime

  • RFC 9106 — Argon2.
  • OWASP Password Storage Cheat Sheet.

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re