What is the difference between KDF based on NIST SP800-108 vs. the older one in ANSI X9.63? When should one be selected over the other? Thanks.
Asked
Active
Viewed 2,676 times
3
-
1ANSI X9.63 uses SHA-1, whereas SP800-108 uses PRF based KDF. – kelalaka Nov 26 '18 at 19:12
1 Answers
3
The ANSI X9.63 uses SHA-1 for Key Derivation Function:
Ingredients: The key derivation function employs the hash function SHA-1 specified in Section 5.6.2
NIST SP800-108 uses PRFs:
This Section defines several families of key derivation functions that use PRFs.
First look at their dates;
- 1998 : ANSI X9.63
- 2009 : NIST SP800-108
And, SHA-1 is no longer recomended. So you should prefer NIST SP800-108
There are two other reasons for not to use SHA-1:
- SHA-1 is shattered, you can also read these two articles:
- Reaching $2^{80}$ for the generic birthday attack is not that far since the Bitcoin miners reached $\approx2^{92}$ for SHA256 hashes per year in 06 Agust 2019.
- Also, SHA-256 is approximately 2.2 times slower than SHA-1 on hashcat 2080Ti
Note: Depending on your case, there is also password-based key derivations; as PBKDF2
kelalaka
- 45,607
- 9
- 104
- 179