Objective 1.4High Priority8 min read

Key Stretching

Techniques to strengthen weak passwords or keys by applying cryptographic functions multiple times. This makes brute-force attacks computationally expensive. Common algorithms include PBKDF2, bcrypt, scrypt, and Argon2.

Understanding Key Stretching

Key stretching makes password cracking computationally expensive. Instead of hashing a password once, you hash it thousands or millions of times. Each attempt by an attacker must perform the same expensive operation.

The Problem: Users choose weak passwords. A simple hash of "password123" can be cracked in milliseconds.

The Solution: Apply the hash function 100,000+ times. Now cracking takes 100,000× longer. An attack that would take 1 day now takes 274 years.

Key stretching doesn't make passwords stronger—it makes *attacking* them slower. Combined with salting, it's the modern standard for password storage.

Why This Matters for the Exam

SY0-701 tests understanding of key stretching algorithms and when to use them. Questions may ask which technique strengthens weak passwords or which algorithm is designed to be slow.

This concept is critical for password security. Modern password storage should use key stretching functions like bcrypt, not simple hashing like SHA-256. Understanding this helps with authentication and data protection questions.

Key stretching also applies to deriving encryption keys from passwords (for encrypted files, disk encryption, etc.).

Deep Dive

Why Key Stretching Works

Without Key Stretching:

  • Attacker tries 10 billion passwords per second
  • 8-character password cracked in hours

With Key Stretching (100,000 iterations):

  • Same attacker: 100,000 attempts per second
  • Same password: cracked in centuries

The Trade-off:

  • Legitimate login: one extra second (acceptable)
  • Attacker cracking: millions of extra years (not acceptable)

Key Stretching Algorithms

PBKDF2 (Password-Based Key Derivation Function 2)

  • NIST-approved standard
  • Uses HMAC with configurable iterations
  • Configurable output length
  • Iterations: 100,000+ recommended
  • Used in: Wi-Fi WPA2, iOS, .NET

bcrypt

  • Designed specifically for password hashing
  • Built-in salt handling
  • Adaptive: can increase work factor over time
  • Memory-hard (resistant to GPU attacks)
  • Used in: Many web applications, BSD

scrypt

  • Memory-intensive by design
  • Requires large amounts of RAM
  • Resists GPU and ASIC attacks
  • More secure than bcrypt but more complex
  • Used in: Litecoin, some enterprise systems

Argon2

  • Winner of Password Hashing Competition (2015)
  • Three variants: Argon2d, Argon2i, Argon2id
  • Configurable memory, time, and parallelism
  • Current best practice for new implementations
  • Used in: Modern applications, PHC recommendation

Algorithm Comparison

AlgorithmMemory UseGPU ResistanceStatus
PBKDF2LowPoorStandard but dated
bcryptModerateGoodWidely used
scryptHighExcellentVery secure
Argon2ConfigurableExcellentRecommended

How Key Stretching Works

Basic Process:

  • 1.Take password + salt
  • 2.Hash the combination
  • 3.Take result, hash again
  • 4.Repeat thousands of times
  • 5.Final hash is stored

PBKDF2 Example:

  • ```
  • result = HMAC(password, salt)
  • for i in 1 to iterations:
  • result = HMAC(password, result)
  • return result
  • ```

Work Factor / Cost Parameter

Each algorithm has a "work factor" that controls difficulty:

PBKDF2: Iteration count (e.g., 100,000) • bcrypt: Cost factor (e.g., 12 = 2^12 iterations) • scrypt: N (CPU/memory cost), r (block size), p (parallelism) • Argon2: Time, memory, parallelism

Increasing Over Time:

  • Hardware gets faster
  • Increase work factor periodically
  • Re-hash passwords at next login
  • Moore's Law: double work factor every ~2 years

Key Derivation Use Cases

Password Storage

  • Store stretched hash, not plain hash
  • Verify by stretching input and comparing

Encryption Key Derivation

  • Derive strong encryption key from weak password
  • Used in full-disk encryption
  • FileVault, BitLocker, VeraCrypt

Wi-Fi (WPA2-Personal)

  • Derives PMK from passphrase using PBKDF2
  • 4,096 iterations with SSID as salt

How CompTIA Tests This

Example Analysis

Scenario: A web application stores user passwords hashed with SHA-256 (unsalted, single iteration). An attacker steals the database. How could the application have better protected the passwords?

Better Solution: Key Stretching with bcrypt or Argon2

Implementation: • Use bcrypt with cost factor 12+ (or Argon2) • Salt is built into bcrypt • Each hash takes ~250ms instead of microseconds • Attacker's cracking speed reduced by factor of 250,000+

Why NOT just more SHA-256? • SHA-256 is designed to be fast • Even with iterations, GPUs crack it efficiently • bcrypt/scrypt/Argon2 are designed to be slow and memory-hard

Impact: • Original: Attacker cracks 90% of passwords in days • With bcrypt: Attacker gives up or gets only a few passwords over years

Key insight: Password hashing algorithms (bcrypt, Argon2) are different from general-purpose hash functions (SHA-256). Use the right tool for the job.

Key Terms to Know

key stretchingPBKDF2bcryptscryptArgon2password strengtheningkey derivationbrute force protectioniteration count

Common Mistakes to Avoid

Thinking key stretching encrypts passwords—it's still hashing, just MANY times. The password is still one-way transformed, not encrypted.
Using SHA-256 with iterations instead of purpose-built algorithms—bcrypt, scrypt, Argon2 are designed for this purpose and include memory-hardness features.
Setting work factor too low—default settings may be too weak. Modern systems should use high iteration counts.
Forgetting that work factors need updating—as hardware improves, increase work factors. What was secure in 2015 may be weak today.

Exam Tips

Key stretching = Making password hashing intentionally slow to prevent brute-force attacks.
Know the four algorithms: PBKDF2, bcrypt, scrypt, Argon2. Argon2 is the newest/recommended.
PBKDF2 is NIST standard (often in compliance requirements). bcrypt is widely used. Argon2 is modern best practice.
Key stretching works with salting—most implementations include salt handling.
Work factors should increase over time as hardware gets faster.

Memory Trick

"PBSA" - Key Stretching Algorithms

  • PBKDF2 — Standard (NIST approved)
  • Bcrypt — Better (memory-hard)
  • Scrypt — Stronger (very memory-intensive)
  • Argon2 — Advanced (newest, recommended)
  • Purpose Memory:
  • Key stretching STRETCHES the TIME to crack passwords
  • Fast hash → Fast to crack
  • Slow hash → Slow to crack
  • Why Memory Matters:
  • GPUs have little memory but fast processors
  • Memory-hard functions defeat GPU attacks
  • scrypt and Argon2 are memory-hard

Work Factor Memory: More iterations = More work = More time to crack Double hardware speed? Double iterations!

Test Your Knowledge

Q1.What is the PRIMARY purpose of key stretching?

Q2.Which algorithm is currently recommended for password hashing in new applications?

Q3.Why is bcrypt preferred over simple SHA-256 iterations for password storage?

Want more practice with instant AI feedback?

Practice with AI

Continue Learning

Hashing and SaltingEncryption Algorithms and Key Length

Ready to test your knowledge?

Practice questions on key stretching and other Objective 1.4 concepts.

Start Practice
Digital SignaturesBlockchain and Public Ledger