Key stretching is sometimes referred to as "key strengthening", although the latter term originally referred to another technique with significantly different security and performance properties (see section 6 of for a comparison).
Key stretching techniques generally work as follows. The initial key is fed into an algorithm that, running on a given speed of processor, takes a known constant time to apply. The algorithm is constructed so that the delay introduced is acceptable to most users, say one second on a typical personal computer. The output is the enhanced key. The enhanced key should be of sufficient size to make it unfeasible to break by brute force (e.g. at least 128 bits). The overall algorithm used should be secure in the sense that there should be no known way of taking a shortcut that would make it possible to calculate the enhanced key in less time (less processor work) than by using the key stretching algorithm itself.
The key stretching process leaves the attacker with two options: either try every possible combination of the enhanced key (infeasible if the enhanced key is long enough), or else try likely combinations of the initial key. In the latter approach, if the initial key is a password or a passphrase, then the attacker would first try every word in a dictionary or common password list and then try all character combinations for longer passwords. Key stretching does not prevent this approach, but the attacker has to spend much more time on each attempt.
If the attacker uses the same class of hardware as the user, each guess will take the same amount of time to process as it took the user (for example, one second). Even if the attacker has much greater computing resources than the user, the key stretching will still slow the attacker down, since the user's computer only has to compute the stretching function once upon the user entering his/her password, whereas the attacker must compute it for every guess in the attack.
There are several ways to perform key stretching. A cryptographic hash function or a block cipher may be repeatedly applied in a loop (see pseudo code below). In applications where the key is used for a cipher, the key schedule (key set-up) in the cipher may be modified so that it takes one second to perform.
A related technique, salting, protects against time-memory tradeoff attacks and is often used in conjunction with key stretching.
Famous quotes containing the words key and/or stretching:
“The knight slew the dragon,
The lady was gay,
They rode on together,
—Unknown. This Is the Key (l. 3841)
“There was now no road further, the river being the only highway, and but half a dozen log huts, confined to its banks, to be met with for thirty miles. On either hand, and beyond, was a wholly uninhabited wilderness, stretching to Canada.”
—Henry David Thoreau (18171862)