Add section on KDFs

Paul Schaub 2023-10-23 12:40:15 +02:00
parent 1ba8ac2884
commit 0b078830f2
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

@ -16,6 +16,15 @@ Here are two important properties of cryptographic hash functions:
- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash value, it should be very difficult to determine the original data it represents.
- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash value.
### Key Derivation Functions
Hash functions can also be used to construct [key derivation functions](https://en.wikipedia.org/wiki/Key_derivation_function) (KDF).
Those can for instance be used to derive symmetric key material from a password by repeatedly feeding it through a hash function.
A prominent example of a KDF which is relevant for the OpenPGP specification is the so-called [HKDF](https://en.wikipedia.org/wiki/HKDF) which is based on the [HMAC](https://en.wikipedia.org/wiki/HMAC) message authentication code.
More information on KDFs and their use in the OpenPGP protocol can be found in chapters XXX (S2K) and YYY (SEIPDv2).
## Symmetric-key cryptography
[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption, unlike asymmetric cryptography where a pair of keys is used: a public key for encryption and a corresponding private key for decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.
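
Review bot: In the new "Key Derivation Functions" section, the sentence about deriving key material "from a password by repeatedly feeding it through a hash function" is followed directly by HKDF as the prominent example, which reads as if HKDF were a password-stretching function. HKDF (RFC 5869) is an extract-and-expand construction for input keying material that already has high entropy; it does not iterate and gives no protection against guessing a weak password. Suggest separating the two uses: one sentence on password-based derivation that points to the S2K chapter, and one on HKDF deriving further keys from existing key material that points to the SEIPDv2 chapter. It is also worth mentioning a salt in the password case, since that is what keeps identical passwords from producing identical keys. The placeholders in "chapters XXX (S2K) and YYY (SEIPDv2)" should become real cross-references, or a clearly marked TODO, before this is merged. Minor: "key derivation functions ... (KDF)" pairs a plural with a singular abbreviation; "(KDFs)" would match.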