NIST Special Publication 800-132 Recommendation for Password-Based Key Derivation Part 1: Storage Applications Meltem Sönmez Turan, Elaine Ba rker, William Burr, and Lily Chen Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director SP 800-132 Recommendation for Password-Base d Key Derivation December 2010 Abstract This Recommendation specifies techniques for the derivation of master keys from passwords or passphrases to protect stored electro nic data or data protection keys. KEY WORDS: Password-Based Key Derivation Functions, Salt, It eration Count, Protection of data in storage ii SP 800-132 Recommendation for Password-Base d Key Derivation December 2010 Acknowledgements The authors, Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen of the National Institute of Standards and Technology (NIST), w ould like to thank their colleagues at NIST, Shu-jen H. Chang, Morris Dworkin, Allen Rogins ky, and John Kelsey, and also Morgan Stern, Matt Yurkewych, Kevin Igoe, Rich Davis and Chri s Bean of the National Security Agency, for helpful discussions and valuable comments. iii SP 800-132 Recommendation for Password-Base d Key Derivation December 2010 iv Table of Contents 1 ................................................................................................ 1 Introduction 2 .................................................................................................... 1 Authority 3 ......................................................... 2 Definitions, Acronyms and Symbols 3.1 ............................................................................................................ 2 Definitions 3.2 ............................................................................................................. 4 Acronyms 3.3 ................................................................................................................ 4 Symbols 4 .................................................................................... 5 General Discussion 5 .............................................. 5 Password-Based Key Derivation Functions 5.1 .......................................................................................................... 6 The Salt ( S) 5.2 ........................................................................................ 6 The Iteration Count ( C) 5.3 ........................................................................................... 7 PBKDF Specification 5.4 ................................................... 8 Using the Derived Master Key to Protect Data 6 ................................................................................................ 10 References Appendix A Security Considerations ........................................................... 11 A.1 User-Selected Passwords ..................................................................................... 11 A.2 PBKDF ................................................................................................................. 12 A.2.1 Length of the Salt ..................................................................................... 12 A.2.2 Iteration Count ......................................................................................... 12 A.3 .............................................................................................. 14 Protection of DPK Appendix B Conformance to “Non-testable” Requirements ........................ 14 SP 800-132 Recommendation for Password-Based Key Derivation December 2010 Recommendation for Password-Based Key Derivation 1 Int