PBKDF2 recommended key size?

Published 2019-04-14 06:31

Question:

My function is as follows:

pbkdf2($raw_pw,$salt,1000,128)

1000 is the number of passes, and 128 is the key size. The function returns a binary key, which I base64-encode to store in the database.

My question is: what's the recommended key size and salt size for pbkdf2 using sha512?

Will a key size of 32 be just as secure as a key size of 128?

Answer 1:

1000 is the number of iterations, not passes. 128 is the length of the result.

According to Wikipedia http://en.wikipedia.org/wiki/PBKDF2 and my own little knowledge about cryptography, you should use more than 128 bytes (or 32, as you're asking). The size of the resulting key is equivalent to the chance of a hash collision. Using 256 (as WPA2 does) or 512 should not be a problem, and also not a problem for your CPU/memory/whatever.

Also, 1000 is, compared to other integrations of pbkdf2, a very small number of iterations. You can easily use 5000 or 10000 (like iOS4), which might result in something like 10ms more processing time but makes a much stronger key (a possible attacker also has to run the 10k iterations, which might change the time he needs from 1 day to 10 days, or from 1 month to almost 1 year).
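As an added example (not part of the question or the answer above, and written in Python with `hashlib.pbkdf2_hmac` rather than the asker's PHP `pbkdf2()` helper), the script below derives and verifies a PBKDF2-HMAC-SHA512 password record and checks one property worth knowing before picking 128 as the key size: PBKDF2 output is the concatenation of blocks T_1 || T_2 || ..., each costing a full run of the iteration loop, so asking SHA-512 for 128 bytes costs the defender two runs while the first 64 bytes are identical to the 64-byte result. An attacker testing a guess against the stored value only has to compute T_1, so a dklen above the hash output size adds cost for you but not for them. The `pbkdf2_sha512$iterations$salt$key` record format, the 16-byte salt length, the sample password and salt, and the `calibrate_iterations` helper are assumptions of this example, not anything the page specifies.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

# Added example, not code from the original question or answer. The record
# format and the constants below are assumptions of this example.
HASH_NAME = "sha512"
HASH_LEN = hashlib.new(HASH_NAME).digest_size  # 64 bytes for SHA-512
SALT_LEN = 16                                  # 128-bit random salt per password


def derive(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2-HMAC-SHA512 with the same parameter order as the asker's call."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password, salt, iterations, dklen)


def first_block_prefix_holds(password: bytes, salt: bytes, iterations: int) -> bool:
    """dklen=128 computes two blocks; its first 64 bytes equal the dklen=64 result.

    The defender pays for both blocks, but an attacker only needs T_1 to compare
    a guess against the stored prefix, so the extra length adds no attacker cost.
    """
    long_key = derive(password, salt, iterations, 2 * HASH_LEN)
    short_key = derive(password, salt, iterations, HASH_LEN)
    return long_key[:HASH_LEN] == short_key


def hash_password(password: str, iterations: int = 100_000,
                  salt: Optional[bytes] = None) -> str:
    """Create a storable record: scheme$iterations$base64(salt)$base64(key)."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    key = derive(password.encode("utf-8"), salt, iterations, HASH_LEN)
    return "pbkdf2_sha512$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored salt/iterations and compare in constant time."""
    scheme, iterations, salt_b64, key_b64 = record.split("$")
    if scheme != "pbkdf2_sha512":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(key_b64)
    candidate = derive(password.encode("utf-8"), salt, int(iterations), len(expected))
    return hmac.compare_digest(candidate, expected)


def calibrate_iterations(target_seconds: float = 0.1, probe: int = 10_000) -> int:
    """Pick an iteration count costing roughly target_seconds on this machine.

    Hypothetical helper: measures one probe run and scales linearly, never
    returning fewer than the probe count.
    """
    start = time.perf_counter()
    derive(b"probe", b"\x00" * SALT_LEN, probe, HASH_LEN)
    per_iter = (time.perf_counter() - start) / probe
    return max(probe, int(target_seconds / per_iter))


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    rec = hash_password("correct horse battery staple", iterations=1000)
    print(rec)
    print(verify_password("correct horse battery staple", rec))
    print(verify_password("wrong password", rec))
    print(first_block_prefix_holds(b"pw", b"constructed-salt", 1000))
    print(calibrate_iterations())
```

Storing the iteration count and salt inside the record lets you raise the count later (re-hash on next successful login) without a migration; `calibrate_iterations` gives a starting point tied to your own hardware rather than a fixed number copied from another deployment.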