Key stretching is sometimes referred to as "key strengthening", although the latter term originally referred to another technique with significantly different security and performance properties (see section 6 of for a comparison).
Key stretching techniques generally work as follows. The initial key is fed into an algorithm that, on a processor of a given speed, takes a known constant time to apply. The algorithm is constructed so that the delay introduced is acceptable to most users, say one second on a typical personal computer. The output is the enhanced key. The enhanced key should be large enough that breaking it by brute force is infeasible (e.g. at least 128 bits). The overall algorithm should be secure in the sense that there is no known shortcut for calculating the enhanced key in less time (less processor work) than by running the key stretching algorithm itself.
The key stretching process leaves the attacker with two options: either try every possible combination of the enhanced key (infeasible if the enhanced key is long enough), or else try likely combinations of the initial key. In the latter approach, if the initial key is a password or a passphrase, then the attacker would first try every word in a dictionary or common password list and then try all character combinations for longer passwords. Key stretching does not prevent this approach, but the attacker has to spend much more time on each attempt.
If the attacker uses the same class of hardware as the user, each guess will take the same amount of time to process as it took the user (for example, one second). Even if the attacker has much greater computing resources than the user, the key stretching will still slow the attacker down, since the user's computer only has to compute the stretching function once, when the user enters their password, whereas the attacker must compute it for every guess in the attack.
There are several ways to perform key stretching. A cryptographic hash function or a block cipher may be repeatedly applied in a loop (see pseudo code below). In applications where the key is used for a cipher, the key schedule (key set-up) in the cipher may be modified so that it takes one second to perform.
A related technique, salting, protects against time-memory tradeoff attacks and is often used in conjunction with key stretching.
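The hash-in-a-loop approach with a salt, as an added example that is not part of the original article: `stretch`, `calibrate` and `verify` are hypothetical names, SHA-256 is an assumed choice of hash, and the password is a constructed sample. Production code should use a vetted KDF such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` rather than a hand-written loop.

```python
import hashlib
import hmac
import os
import time

def stretch(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Iterated-hash stretching: key = H(key || password || salt), repeated."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    key = b""
    for _ in range(iterations):
        key = hashlib.sha256(key + password + salt).digest()
    return key  # 256-bit enhanced key, above the 128-bit floor in the text

def calibrate(target_seconds: float, probe: int = 20_000) -> int:
    """Choose an iteration count costing roughly target_seconds on this CPU."""
    start = time.perf_counter()
    stretch(b"calibration", b"\x00" * 16, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe, int(probe * target_seconds / elapsed))

def verify(password: bytes, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute the enhanced key and compare in constant time."""
    return hmac.compare_digest(stretch(password, salt, iterations), expected)

if __name__ == "__main__":
    iterations = calibrate(0.25)   # the text suggests ~1 s; shortened for the demo
    salt = os.urandom(16)          # per-user random salt, stored beside the key
    start = time.perf_counter()
    key = stretch(b"correct horse", salt, iterations)  # constructed sample password
    per_guess = time.perf_counter() - start
    print(f"iterations={iterations}  one derivation={per_guess:.3f}s")
    print("verify ok:", verify(b"correct horse", salt, iterations, key))
    # Work a guesser on the same hardware class pays for a 10^6-entry list:
    print(f"1e6 guesses ~ {per_guess * 1e6 / 86400:.1f} days")
```

The iteration count and salt must be stored with the derived key so the legitimate user can repeat the single derivation; raising the count as hardware gets faster keeps the per-guess cost near the chosen delay.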