1.4.6 Key Stretching & Blockchain
Key stretching and blockchain technologies provide essential defense-in-depth by increasing the computational cost of attacks and ensuring the integrity of distributed data.
Key Stretching Key stretching is a cryptographic technique used to make a weak password more secure against brute-force and dictionary attacks by putting it through a Key Derivation Function (KDF). This process intentionally increases the time and resources required to verify a password, making it prohibitively expensive for attackers to test millions of iterations.
- Computational Overhead: By repeating hashing processes thousands of times, defenders force an attacker to match that same overhead for every single guess.
- PBKDF2 (Password-Based Key Derivation Function 2): Uses a very long salt and a pseudo-random function (like HMAC) with many iterations. It is widely used in operating systems and Wi-Fi security.
- bcrypt: Based on the Blowfish cipher, it incorporates a salt to protect against rainbow table attacks and includes an "adaptive cost" factor to increase the number of iterations over time as hardware becomes faster.
Key Exchange and Scaling Managing how keys are distributed is a critical security challenge, especially when comparing symmetric and asymmetric systems.
- Symmetric Limitations: Symmetric encryption is fast (low latency) but scales poorly (n(n-1)/2 keys). If 100 people need private 1-to-1 communication, they need 4,950 keys.
- Out-of-Band Exchange: Because the same key is used for encryption and decryption, it must be shared securely via a different channel (e.g., in-person or via a secure token) to avoid interception.
- Asymmetric Solution: Eliminates the exchange problem. Users share their Public Key openly; only the corresponding Private Key (kept secret) can decrypt the data. This provides high scalability for large environments like the Internet.
Blockchain and Distributed Ledgers Blockchain technology leverages hashing and asymmetric encryption to create a secure, immutable record of transactions.
- Distributed Ledger: A decentralized database where every participant has a copy. This prevents a single point of failure and makes the data resilient to tampering.
- Immutability: Each "block" contains the hash of the previous block. If a single bit of data is changed in an old block, all subsequent hashes become invalid, making unauthorized changes immediately detectable.
- Proof of Work (PoW): Similar to key stretching, PoW requires miners to perform complex hash calculations to add new blocks, securing the network through computational effort.
Quick recall - PBKDF2/bcrypt: Trigger words for Key Stretching and Salting. - Symmetric Keys: Fastest performance but highest "Key Distribution" difficulty. - Asymmetric Keys: Solves key exchange; Public key encrypts, Private key decrypts. - Blockchain: Uses hashing to provide data integrity and non-repudiation in a decentralized manner.