Guidance for producing derivative crypto keys

The National Institute of Standards and Technology is seeking comments on draft recommendations for derivation of additional keying material from a secret key using pseudorandom functions.

A secret symmetric encryption key shared by multiple parties can be used to generate additional keys that can be used for other purposes, such as message authentication codes. Or a trusted party can create separate keys for other parties from a single master key. An improperly defined key derivation method can crate keys that are vulnerable to attacks. SP 800-108 specifies several families of key derivation functions that use pseudorandom functions.

A pseudorandom function is the basic building block in constructing a key derivation function in this recommendation. The publication contains a formal description of pseudorandom functions, which produce a variable computationally indistinguishable from a genuine random function defined on the same domain.

Comments on Draft Special Publication 800-108, 'Recommendation for Key Derivation Using Pseudorandom Functions,' should be e-mailed to [email protected], with "Comments on SP800-108" in the subject line. Comments are due by June 28.

IPAA security guidance for comments

NIST also has released a draft revision of Special Publication 800-66, 'An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act Security Rule.' This publication is intended to improve understanding of security terms used in the HIPAA Security Rule and of the security standards set out in the rule. It also directs readers to information in other NIST publications on topics addressed by the rule. The publication does not replace the HIPAA Security Rule.

Comments on the draft of SP 800-66 Revision 1 can be made through June 13 to [email protected] or forwarded to Chief, Computer Security Division, Information Technology Laboratory, Attn: Comments on Draft Special Publication 800-66 Rev. 1, NIST, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected