Using Spritz as a Password-Based Key Derivation Function

  • Conference paper
International Joint Conference SOCO’16-CISIS’16-ICEUTE’16 (SOCO 2016, CISIS 2016, ICEUTE 2016)

Abstract

Even if combined with other techniques, passwords are still the main way of authentication in many services and systems. Attackers can usually test many passwords very quickly when using standard hash functions, so specific password hashing algorithms have been designed to slow down brute force attacks.

Spritz is a sponge-based stream cipher intended to be a drop-in replacement for RC4. It is more secure, more complex and more versatile than RC4. Since it is based on a sponge function, it can be employed for other applications like password hashing.

In this paper we build upon Spritz to construct a password hashing algorithm and study its performance and suitability.

Acknowledgments

Research partially supported by the Spanish MINECO and FEDER under Project Grant TEC2014-54110-R.

Author information

Corresponding author

Correspondence to Rafael Álvarez.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Álvarez, R., Zamora, A. (2017). Using Spritz as a Password-Based Key Derivation Function. In: Graña, M., López-Guede, J.M., Etxaniz, O., Herrero, Á., Quintián, H., Corchado, E. (eds) International Joint Conference SOCO’16-CISIS’16-ICEUTE’16. SOCO CISIS ICEUTE 2016 2016 2016. Advances in Intelligent Systems and Computing, vol 527. Springer, Cham. https://doi.org/10.1007/978-3-319-47364-2_50

  • DOI: https://doi.org/10.1007/978-3-319-47364-2_50

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47363-5

  • Online ISBN: 978-3-319-47364-2

  • eBook Packages: Engineering, Engineering (R0)
