Demystifying Key Stretching and PAKEs

Presented at Black Hat USA 2022, Aug. 10, 2022, 11:20 a.m. (40 minutes)

Key stretching can make the difference between recovering a secret nearly instant to nearly impossible, but it has had a fun history with bugs, footguns, and "features". This talk will answer many common questions and myths on key stretching and PAKEs. What to avoid, what to use, minimum safe settings for key stretching, side-channel attacks, and when key stretching is necessary with PAKEs. PAKEs can prevent all sorts of attacks and should be used on encrypted cloud services. Most encrypted cloud services that use a password can greatly benefit from PAKEs. By the end, you'll learn enough to be able to make toy key stretching algorithms and toy PAKEs. Just don't push those toys to prod.


  • Steve Thomas - Independent Researcher,  
    Steve Thomas, aka Sc00bzT, is a cryptography enthusiast and specializes in the defensive side of passwords. His current focus is on PAKEs and key stretching for aPAKEs. He was on the Password Hashing Competition's panel that ultimately picked Argon2. He was able to break two of the submissions with one being fixable. "I do stuff... sometimes."


Similar Presentations: