One document matched: draft-josefsson-pbkdf2-test-vectors-05.xml

<?xml version="1.0"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">

<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
    <!ENTITY ascii PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml2/_reference.ANSI.X3-4.1986.xml'>
    <!ENTITY rfc2104 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2104.xml'>
    <!ENTITY rfc2898 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2898.xml'>
    <!ENTITY fips180 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml2/reference.FIPS.180-1.1995.xml'>
    <!ENTITY rfc5802 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5802.xml'>
]>

<?rfc compact="yes"?>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>

<rfc category="info" ipr="trust200902"
    docName="draft-josefsson-pbkdf2-test-vectors-05">

    <front>

	<title abbrev="PKCS #5 PBKDF2 Test Vectors">
	  PKCS #5 Password Based Key Derivation Function 2 (PBKDF2) Test Vectors
	</title>

	<author initials="S." surname="Josefsson" fullname="Simon Josefsson">
	    <organization>SJD AB</organization>
	    <address>
		<postal>
		    <street>Hagagatan 24</street>
		    <city>Stockholm</city>
		    <code>113 47</code>
		    <country>SE</country>
		</postal>
		<email>simon@josefsson.org</email>
		<uri>http://josefsson.org/</uri>
	    </address>
	</author>

	<date month="August" year="2010"/>

	<abstract>

	  <t>This document contains test vectors for the Public-Key
	    Cryptography Standards (PKCS) #5 Password Based Key
	    Derivation Function 2 (PBKDF2) with the Hash-based Message
	    Authentication Code (HMAC) Secure Hash Algorithm (SHA-1)
	    pseudorandom function.</t>

	</abstract>

    </front>

    <middle>

	<section anchor="intro"
		 title="Introduction">

	  <t>The <xref target="RFC2898">Public-Key Cryptography
	      Standards (PKCS) #5</xref> Password Based Key Derivation
	    Function 2 (PBKDF2) is used by several protocols to
	    derive encryption keys from a password.</t>

	  <t>For example, <xref target="RFC5802">Salted Challenge
	      Response Authentication Mechanism (SCRAM)</xref> uses
	    PBKDF2 with <xref target="RFC2104">Hash-based Message
	      Authentication Code (HMAC)</xref>
	    and <xref target="FIPS.180-1.1995">Secure Hash Algorithm
	      (SHA-1)</xref>.</t>
	  
	  <t>Test vectors for the algorithm were not included in the
	    original specification, but are often useful for
	    implementers.  This document addresses this
	    shortcoming.</t>

	</section>

	<section anchor="pbkdf2-hmac-sha1-test-vectors"
		 title="PBKDF2 HMAC-SHA1 Test Vectors">

	  <t>Below the input strings are encoded
	    using <xref target="ANSI.X3-4.1986">ASCII</xref>.  The
	    sequence "\0" (without quotation marks) means a literal
	    ASCII NUL value (1 octet).</t>

	<figure>
	  <artwork>
  Input:
    P = "password" (8 octets)
    S = "salt" (4 octets)
    c = 1
    dkLen = 20

  Output:
    DK = 0c 60 c8 0f 96 1f 0e 71
         f3 a9 b5 24 af 60 12 06
         2f e0 37 a6             (20 octets)
	  </artwork>
	</figure>

	<figure>
	  <artwork>
  Input:
    P = "password" (8 octets)
    S = "salt" (4 octets)
    c = 2
    dkLen = 20

  Output:
    DK = ea 6c 01 4d c7 2d 6f 8c
         cd 1e d9 2a ce 1d 41 f0
         d8 de 89 57             (20 octets)
	  </artwork>
	</figure>

	<figure>
	  <artwork>
  Input:
    P = "password" (8 octets)
    S = "salt" (4 octets)
    c = 4096
    dkLen = 20

  Output:
    DK = 4b 00 79 01 b7 65 48 9a
         be ad 49 d9 26 f7 21 d0
         65 a4 29 c1             (20 octets)
	  </artwork>
	</figure>

	<figure>
	  <artwork>
  Input:
    P = "password" (8 octets)
    S = "salt" (4 octets)
    c = 16777216
    dkLen = 20

  Output:
    DK = ee fe 3d 61 cd 4d a4 e4
         e9 94 5b 3d 6b a2 15 8c
         26 34 e9 84             (20 octets)
	  </artwork>
	</figure>

	<figure>
	  <artwork>
  Input:
    P = "passwordPASSWORDpassword" (24 octets)
    S = "saltSALTsaltSALTsaltSALTsaltSALTsalt" (36 octets)
    c = 4096
    dkLen = 25

  Output:
    DK = 3d 2e ec 4f e4 1c 84 9b
         80 c8 d8 36 62 c0 e4 4a
         8b 29 1a 96 4c f2 f0 70
         38                      (25 octets)
	  </artwork>
	</figure>

	<figure>
	  <artwork>
  Input:
    P = "pass\0word" (9 octets)
    S = "sa\0lt" (5 octets)
    c = 4096
    dkLen = 16

  Output:
    DK = 56 fa 6a a7 55 48 09 9d
         cc 37 d7 f0 34 25 e0 c3 (16 octets)
	  </artwork>
	</figure>

	</section>

	<section anchor="ack"
		 title="Acknowledgements">

	  <t>Barry Brachman and Love Hörnquist Åstrand confirmed the
	    test vectors (using independent implementations) and
	    pointed out a mistake in the salt octet length count.</t>

	</section>

	<section title="Copying conditions">

	  <t>This document should be considered a Code Component, and
	    is thus effectively available under the BSD license.</t>
  
	</section>

	<section title="Security Considerations">

	  <t>The security considerations in <xref target="RFC2898" />
	    apply.  This document does not introduce any new security
	    considerations.</t>
  
	</section>

	<section title="IANA Considerations">

	  <t>None.</t>
  
	</section>

    </middle>

    <back>

	<references title="Normative References">
&ascii;
&rfc2104;
&rfc2898;
&fips180;
	</references>

	<references title="Informative References">
&rfc5802;
	</references>

    </back>

</rfc>