0

Assume I only have only three algorithms available at my disposable: PBKDF2, SHA512, and HMAC-SHA256. (This means I do not have algorithms like HMAC-Expand available.)

Assume I also have a cryptographically secure random 256 bit key. I would like to expand this key to 512 bits, so that I can split this resulting key in half and now have 2 child keys.

The recommended option is to use PBKDF2, but this advice is typically given when stretching a low-entropy, user inputted password. Given that my key is already high-entropy, is there any issue with just using SHA512(key) to expand my key?

The reason I'd rather use SHA512 is that it does not require a salt like PBKDF2 does.

This answer states that it's acceptable to do something like:

child_key_1 = HMAC-256(master_key, "c1")
child_key_2 = HMAC-256(master_key, "c2")

Have I interpreted that answer correctly, and is there a clear winner amongst all my options?

Community
  • 1
Snowman
  • 363
  • 2
  • 7

1 Answers1

3

What you are looking for is a "Key Derivation Function" (KDF). Notice you called out PBKDF - Password Based KDF. One very common KDF (it's even in NIST standards) is to use the shared secret - your "master_key" - to hmac a counter. Your proposal is therefore in line with the standard methods of KDF.

Thomas M. DuBuisson
  • 1,894
  • 15
  • 20