Guidance for producing derivative crypto keys

The National Institute of Standards and Technology is seeking comments on draft recommendations for derivation of additional keying material from a secret key using pseudorandom functions.

A secret symmetric encryption key shared by multiple parties can be used to generate additional keys that can be used for other purposes, such as message authentication codes. Or a trusted party can create separate keys for other parties from a single master key. An improperly defined key derivation method can crate keys that are vulnerable to attacks. SP 800-108 specifies several families of key derivation functions that use pseudorandom functions.

A pseudorandom function is the basic building block in constructing a key derivation function in this recommendation. The publication contains a formal description of pseudorandom functions, which produce a variable computationally indistinguishable from a genuine random function defined on the same domain.

Comments on Draft Special Publication 800-108, 'Recommendation for Key Derivation Using Pseudorandom Functions,' should be e-mailed to draft-SP800-108-comment@nist.gov, with "Comments on SP800-108" in the subject line. Comments are due by June 28.

IPAA security guidance for comments

NIST also has released a draft revision of Special Publication 800-66, 'An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act Security Rule.' This publication is intended to improve understanding of security terms used in the HIPAA Security Rule and of the security standards set out in the rule. It also directs readers to information in other NIST publications on topics addressed by the rule. The publication does not replace the HIPAA Security Rule.

Comments on the draft of SP 800-66 Revision 1 can be made through June 13 to 800-66comments@nist.gov or forwarded to Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft Special Publication 800-66 Rev. 1, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group