[tahoe-dev] proposal for the Key-Derivation Function for the next generation of caps

Zooko Wilcox-O'Hearn zooko at zooko.com
Tue Aug 11 15:21:08 UTC 2009


I finally finished reading this long and technical paper by Hugo  
Krawczyk about Key-Derivation Functions:


I intend to ask cryptographers if they agree that HKDF is a nice  
strong, efficient way to do it and a good candidate for a future  
standard.  Unless someone raises some major issue against it, let's  
settle on using HKDF (with extraction step using SHA-2-512 truncated  
to 256 bits and expand step using SHA-2-256) for key-derivation  
functions in future versions of Tahoe-LAFS.

Also, my klog today mentions some new research papers which might  
help formalize "semi-private keys".  I haven't read them yet.  I only  
get a few minutes to read each day on the bus to and from work.  :-)



More information about the tahoe-dev mailing list