Key Stretching

Key stretching is sometimes referred to as "key strengthening", although the latter term originally referred to another technique with significantly different security and performance properties (see section 6 of for a comparison).

Key stretching techniques generally work as follows. The initial key is fed into an algorithm that, running on a given speed of processor, takes a known constant time to apply. The algorithm is constructed so that the delay introduced is acceptable to most users, say one second on a typical personal computer. The output is the enhanced key. The enhanced key should be of sufficient size to make it unfeasible to break by brute force (e.g. at least 128 bits). The overall algorithm used should be secure in the sense that there should be no known way of taking a shortcut that would make it possible to calculate the enhanced key in less time (less processor work) than by using the key stretching algorithm itself.

The key stretching process leaves the attacker with two options: either try every possible combination of the enhanced key (infeasible if the enhanced key is long enough), or else try likely combinations of the initial key. In the latter approach, if the initial key is a password or a passphrase, then the attacker would first try every word in a dictionary or common password list and then try all character combinations for longer passwords. Key stretching does not prevent this approach, but the attacker has to spend much more time on each attempt.

If the attacker uses the same class of hardware as the user, each guess will take the same amount of time to process as it took the user (for example, one second). Even if the attacker has much greater computing resources than the user, the key stretching will still slow the attacker down, since the user's computer only has to compute the stretching function once upon the user entering his/her password, whereas the attacker must compute it for every guess in the attack.

There are several ways to perform key stretching. A cryptographic hash function or a block cipher may be repeatedly applied in a loop (see pseudo code below). In applications where the key is used for a cipher, the key schedule (key set-up) in the cipher may be modified so that it takes one second to perform.

A related technique, salting, protects against time-memory tradeoff attacks and is often used in conjunction with key stretching.

Read more about Key Stretching:  Hash Based Key Stretching, Strength and Time, History, Some Systems That Use Key Stretching

Famous quotes containing the words key and/or stretching:

    I cannot tell what I am as much afraid of, as a woman who invariably washes on Monday. It is a kind of key to character; and if her mouth is not puckered and her brow wrinkled, they will be, unless she repents.
    Jane Grey Swisshelm (1815–1884)

    In the continual enterprise of trying to guide appropriately, renegotiate with, listen to and just generally coexist with our teenage children, we ourselves are changed. We learn even more clearly what our base-line virtues are. We listen to our teenagers and change our minds about some things, stretching our own limits. We learn our own capacity for flexibility, firmness and endurance.
    —Jean Jacobs Speizer. Ourselves and Our Children, by Boston Women’s Health Collective, ch. 4 (1978)