PKCS #5: Password-Based Cryptography Specification Version 2.0
RFC 2898

Document Type RFC - Informational (September 2000; Errata)
Obsoleted by RFC 8018
Was draft-kaliski-pkcs5-v2 (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2898 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                         B. Kaliski
Request for Comments: 2898                              RSA Laboratories
Category: Informational                                   September 2000

           PKCS #5: Password-Based Cryptography Specification
                              Version 2.0

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This memo represents a republication of PKCS #5 v2.0 from RSA
   Laboratories' Public-Key Cryptography Standards (PKCS) series, and
   change control is retained within the PKCS process.  The body of this
   document, except for the security considerations section, is taken
   directly from that specification.

   This document provides recommendations for the implementation of
   password-based cryptography, covering key derivation functions,
   encryption schemes, message-authentication schemes, and ASN.1 syntax
   identifying the techniques.

   The recommendations are intended for general application within
   computer and communications systems, and as such include a fair
   amount of flexibility. They are particularly intended for the
   protection of sensitive information such as private keys, as in PKCS
   #8 [25]. It is expected that application standards and implementation
   profiles based on these specifications may include additional
   constraints.

   Other cryptographic techniques based on passwords, such as password-
   based key entity authentication and key establishment protocols
   [4][5][26] are outside the scope of this document.  Guidelines for
   the selection of passwords are also outside the scope.

Kaliski                      Informational                      [Page 1]
RFC 2898              Password-Based Cryptography         September 2000

Table of Contents

   1.   Introduction ...............................................  3
   2.   Notation ...................................................  3
   3.   Overview ...................................................  4
   4.   Salt and iteration count ...................................  6
       4.1  Salt ...................................................  6
       4.2  Iteration count ........................................  8
   5.   Key derivation functions ...................................  8
       5.1  PBKDF1 .................................................  9
       5.2  PBKDF2 .................................................  9
   6.   Encryption schemes ......................................... 11
       6.1  PBES1 .................................................. 12
            6.1.1  Encryption operation ............................ 12
            6.1.2  Decryption operation ............................ 13
       6.2  PBES2 .................................................. 14
            6.2.1  Encryption operation ............................ 14
            6.2.2  Decryption operation ............................ 15
   7.   Message authentication schemes ............................. 15
       7.1  PBMAC1 ................................................. 16
            7.1.1  MAC generation .................................. 16
            7.1.2  MAC verification ................................ 16
   8.   Security Considerations .................................... 17
   9.   Author's Address............................................ 17
   A.   ASN.1 syntax ............................................... 18
       A.1  PBKDF1 ................................................. 18
       A.2  PBKDF2 ................................................. 18
       A.3  PBES1 .................................................. 20
       A.4  PBES2 .................................................. 20
       A.5  PBMAC1 ................................................. 21
   B.   Supporting techniques ...................................... 22
       B.1  Pseudorandom functions ................................. 22
       B.2  Encryption schemes ..................................... 23
       B.3  Message authentication schemes ......................... 26
   C.   ASN.1 module ............................................... 26
   Intellectual Property Considerations ............................ 30
   Revision history ................................................ 30
   References ...................................................... 31
   Contact Information & About PKCS ................................ 33
   Full Copyright Statement ........................................ 34

Kaliski                      Informational                      [Page 2]
Show full document text