Insights For Success

Strategy, Innovation, Leadership and Security

Encryption methods

What is PBKDF2?

GeneralEdward Kiledjian

You have probably read about PBKDF2 if you have read any article discussing the LastPass hack or reviewing the security of a password manager. For non-technical readers, I wanted to write a quick explanation.

PBKDF2 (Password-Based Key Derivation Function 2) is a widely used method of protecting passwords.

A key derivation function such as PBKDF2 is designed to make it more difficult for an attacker to crack a password, even if they possess the hashed password value. This is accomplished by adding a "work factor," or iteration count, to the password hashing process. Iteration count refers to the number of times the hashing function is applied to the password, making cracking the password much more computationally costly.

PBKDF2 is widely used in a variety of applications, including online services, financial systems, and mobile devices.

With PBKDF2, the user's password is concatenated with a salt and the iteration count, and the result is then hashed using a cryptographic hash function such as SHA-256. The salt, the number of iterations, and the resulting hash value are then stored in a database. Upon logging in, the system uses the same salt, iteration count, and hash function to compare the entered password with the stored hash. The user is granted access if the values match.

It is important to use a strong and unique password and keep the salt and hashed values secure. Even though PBKDF2 is considered a strong method, more advanced key derivation functions such as bcrypt and scrypt are now available and recommended where more stringent security is required.

Keywords: PBKDF2 (Password-Based Key Derivation Function 2), Password protection, Key derivation function, Hashed password, Iteration count, Cryptographic hash function, SHA-256, Password storage, NIST guidelines, Security, Encryption, bcrypt, script, Work factor, Data privacy, Information security

Unlocking the Secrets of ECB and CBC: A Guide to Encryption Methods

GeneralEdward Kiledjian

Cryptography methods such as Electronic Code Book (ECB) and Cipher Block Chaining (CBC) are widely used.

ECB is a simple method of encrypting plaintext by dividing it into fixed-size blocks and encrypting each block independently using the same secret key. In other words, if the same plaintext block appears more than once in the message, it will be encrypted into the same ciphertext block (aka will look the same). The ECB encryption method is relatively easy to implement; however, it can be vulnerable to certain types of attacks, such as pattern recognition.

By contrast, CBC is a more secure encryption method that addresses the weaknesses of ECB. CBC encrypts plaintext blocks using the same key and combines them with the previous ciphertext blocks through an operation called an XOR. Thus, even if the same plaintext block appears multiple times in the message, it will be encrypted to a different ciphertext block each time.

The major difference between ECB and CBC is that ECB encrypts each block independently, whereas CBC encrypts each block with the previous block. CBC is therefore considered more secure and resistant to pattern recognition attacks than ECB.

Implementation of CBC mode requires an initialization vector (IV), which is a random value added to the first plaintext block before encryption. An IV is sent along with an encrypted message, so the receiver can use it to decrypt it.

ECB and CBC are symmetric-key encryption methods, meaning that the same key is used for encryption and decryption. As computing power increases, it becomes increasingly important to use more secure encryption methods, such as AES-GCM or RSA-OAEP.

Keywords: Encryption, ECB (Electronic Code Book), CBC (Cipher Block Chaining), Symmetric-key encryption, AES-GCM, RSA-OAEP, Data security, Pattern recognition attack, Initialization vector (IV), Encryption methods, Data privacy, Information security