Sorry for this ignorant question but I am currently weighing up the advantages a

Question

Sorry for this ignorant question but I am currently weighing up the advantages and disadvantages of BCrypt over PBKDF2 and from what I have read BCrypt is considered more secure but from what I have discovered BCrypt only derives as 248-bit key (Example: E2cP18g8DyWwg3emgpHOaPBZzrcRVrO) and the rest of it is the salt, however I require a 512-bit key so I can split it into two sub-keys on for a AES encryption key and the other for HMAC generation.

Would it be secure to take the sha-512 hash of the key produced by BCrypt and split that or should I just keep using PBKDF2?

Explanation / Answer

Yes you can use bcrypt in this scenario. The output of bcrypt is 192-bits encoded using base-64, giving you 248-bits. Well short of your 512-bit requirement.

What I would recommend you do, if you choose bcrypt, is akin to what was recommended here. Use HMAC instead of SHA-512 of the output of bcrypt. For the reasons why, see this question and answer. It is important to understand though that since the output of crypt is smaller than 256-bits, neither of your keys will have 256-bits of entropy. It sounds like you aren't too worried about that though.

As to bcrypt in this manner vs. simply using PBKDF2 with SHA-512, that depends on what you are worried about. PBKDF2 can more easily be attacked using things like GPUs and FPGAs.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.