PKCS #5: Password-Based Key Derivation Function 2 (PBKDF2) Test Vectors
|2015-10-14||06||(System)||Notify list changed from firstname.lastname@example.org, email@example.com to (None)|
|2011-01-06||06||Cindy Morgan||State changed to RFC Published from RFC Ed Queue.|
|2011-01-06||06||Cindy Morgan||[Note]: changed to 'RFC 6070'|
|2011-01-06||06||Cindy Morgan||Status Date has been changed to None from 2010-09-14|
|2010-09-28||06||Cindy Morgan||State changed to RFC Ed Queue from Approved-announcement sent by Cindy Morgan|
|2010-09-27||06||(System)||IANA Action state changed to No IC from In Progress|
|2010-09-27||06||(System)||IANA Action state changed to In Progress|
|2010-09-27||06||Amy Vezza||IESG state changed to Approved-announcement sent|
|2010-09-27||06||Amy Vezza||IESG has approved the document|
|2010-09-27||06||Amy Vezza||Closed "Approve" ballot|
|2010-09-24||06||(System)||Removed from agenda for telechat - 2010-09-23|
|2010-09-23||06||Cindy Morgan||State changed to Approved-announcement to be sent from IESG Evaluation by Cindy Morgan|
|2010-09-23||06||Tim Polk||[Ballot Position Update] New position, No Objection, has been recorded by Tim Polk|
|2010-09-23||06||Gonzalo Camarillo||[Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo|
|2010-09-23||06||Ron Bonica||[Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica|
|2010-09-23||06||Dan Romascanu||[Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu|
|2010-09-22||06||Jari Arkko||[Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko|
|2010-09-22||06||Peter Saint-Andre||[Ballot Position Update] New position, No Objection, has been recorded by Peter Saint-Andre|
|2010-09-22||06||Robert Sparks||[Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks|
|2010-09-22||06||Ralph Droms||[Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms|
|2010-09-22||06||Lars Eggert||[Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert|
|2010-09-22||06||Adrian Farrel||[Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel|
|2010-09-19||06||Alexey Melnikov||[Ballot Position Update] New position, Yes, has been recorded by Alexey Melnikov|
|2010-09-19||06||Russ Housley||[Ballot Position Update] New position, No Objection, has been recorded by Russ Housley|
|2010-09-18||06||Stewart Bryant||[Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant|
|2010-09-14||06||Sean Turner||Placed on agenda for telechat - 2010-09-23 by Sean Turner|
|2010-09-14||06||Sean Turner||Status Date has been changed to 2010-09-14 from 2010-08-09 by Sean Turner|
|2010-09-14||06||Sean Turner||State changed to IESG Evaluation from Waiting for AD Go-Ahead by Sean Turner|
|2010-09-14||06||Sean Turner||[Ballot Position Update] New position, Yes, has been recorded for Sean Turner|
|2010-09-14||06||Sean Turner||Ballot has been issued by Sean Turner|
|2010-09-14||06||Sean Turner||Created "Approve" ballot|
|2010-09-14||06||Amy Vezza||State changed to Waiting for AD Go-Ahead from In Last Call by Amy Vezza|
|2010-09-14||06||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-06.txt|
|2010-09-11||06||Samuel Weiler||Request for Last Call review by SECDIR Completed. Reviewer: Carl Wallace.|
|2010-08-20||06||Samuel Weiler||Request for Last Call review by SECDIR is assigned to Carl Wallace|
|2010-08-16||06||Amy Vezza||Last call sent|
|2010-08-16||06||Amy Vezza||State changed to In Last Call from Last Call Requested by Amy Vezza|
|2010-08-16||06||Sean Turner||Last Call was requested by Sean Turner|
|2010-08-16||06||Sean Turner||State changed to Last Call Requested from AD is watching by Sean Turner|
|2010-08-16||06||(System)||Ballot writeup text was added|
|2010-08-16||06||(System)||Last call text was added|
|2010-08-16||06||(System)||Ballot approval text was added|
(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed ...
(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?
Simon Josefsson is the Document Shepherd. He
reviewed the document and believes it is ready.
(1.b) Has the document had adequate review both from key WG
members and from key non-WG members? Does the Document
any concerns about the depth or breadth of the reviews that
have been performed?
The test vectors in the document have been reviewed and confirmed by
three people (including the author) for at least four different
The draft has been brought to the attention of the CFRG:
While the number of people that have reviewed the document isn't
extensive, the quality of the reviews makes me feel confident that the
document is good to go.
(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar
with AAA, internationalization, or XML?
None. The document doesn't define a protocol, it just provides test
vectors, so the essential review is to make sure there aren't errors
in the test vectors. That should be covered already.
(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document,
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has
that it still wishes to advance the document, detail those
concerns here. Has an IPR disclosure related to this
been filed? If so, please include a reference to the
disclosure and summarize the WG discussion and conclusion on
There are no IPR disclosures file for this document or to the RFC 2898
One obvious concern with a document like this would be that if there is
SHA-1 test vectors, it should also contain test vectors for SHA-2.
However, RFC 2898 does not specify any OIDs for non-HMAC-SHA-1 hashes,
and to my knowledge there is no usage of PBKDF2 with SHA-2. Thus,
publishing test vectors at this point 1) does not help anyone because
there is no implementations available, and 2) it would be hard to get
good confidence in SHA-2 test vectors because there are no usage and
implementers. Thus I think it is premature to add SHA-2 to this
One could drive an update of RFC 2898 in parallel to add SHA-2 OIDs,
although I'm not certain there is demand for it. There are no known
attacks on PBKDF2-HMAC-SHA1.
(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand
agree with it?
It is not a WG document, but there are several implementers who have
been helped by this document and others who have reviewed it. I believe
most people agree with the need for a document like this even if they
didn't take time to double check the test vectors themselves.
(1.f) Has anyone threatened an appeal or otherwise indicated
discontent? If so, please summarize the areas of conflict
separate email messages to the Responsible Area Director.
should be in a separate email because this questionnaire is
entered into the ID Tracker.)
None to my knowledge.
(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://tools.ietf.org/tools/idnits/.) Boilerplate checks
not enough; this check needs to be thorough. Has the
met all formal review criteria it needs to, such as the MIB
Doctor, media type, and URI type reviews? If the document
does not already indicate its intended status at the top of
the first page, please indicate the intended status here.
I have gone through these lists and checked everything. Some acronyms
(HMAC and SHA-1) were not expanded on first usage in -02, but I've fixed
that for -03. PKCS is expanded in the abstract and introduction, but
not in the document title, for consistency with RFC 2898 and to avoid
making the title too long.
(1.h) Has the document split its references into normative and
Are there normative references to documents that are not
advancement or are otherwise in an unclear state? If such
normative references exist, what is the strategy for their
completion? Are there normative references that are
references, as described in [RFC3967]? If so, list these
downward references to support the Area Director in the Last
Call procedure for them [RFC3967].
The only non-RFC is NIST's SHA-1 document. I believe it is cited by
many other RFCs already.
On reading -02, i think both HMAC and SHA-1 has to be normative
references. I have fixed this in -03.
(1.i) Has the Document Shepherd verified that the document's IANA
Considerations section exists and is consistent with the
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggest a
reasonable name for the new registry? See [RFC2434]. If
document describes an Expert Review process, has the
Shepherd conferred with the Responsible Area Director so
the IESG can appoint the needed Expert during IESG
No IANA action is necessary.
(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly
in an automated checker?
No formal language is used by the document.
(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Write-Up. Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:
This document contains test vectors for the Public-Key Cryptography
Standards (PKCS) #5 Password Based Key Derivation Function 2 (PBKDF2)
with the Hash-based Message Authentication Code (HMAC) Secure Hash
Algorithm (SHA-1) pseudorandom function.
Working Group Summary
This is not the product of a WG.
There are at least four known implementations that confirmed these
Simon Josefsson is the Document Shepherd .
Sean Turner is the sponsoring Area Director.
|2010-08-16||06||Amy Vezza||[Note]: 'Simon Josefsson is the Document Shepherd (firstname.lastname@example.org).' added by Amy Vezza|
|2010-08-15||05||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-05.txt|
|2010-08-15||04||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-04.txt|
|2010-08-10||03||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-03.txt|
|2010-08-09||06||Sean Turner||State changed to AD is watching from Publication Requested by Sean Turner|
|2010-08-09||06||Sean Turner||Draft added in state Publication Requested by Sean Turner|
|2010-08-09||06||Sean Turner||Removed from agenda for telechat by Sean Turner|
|2010-08-05||02||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-02.txt|
|2010-08-04||01||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-01.txt|
|2010-05-15||06||(System)||Document has expired|
|2009-11-11||00||(System)||New version available: draft-josefsson-pbkdf2-test-vectors-00.txt|