Consider a service that stores files. Users create accounts, secured by passwords, to access these files. PBE is used to secure the contents of these files.
However, it is desirable to be able to validate passwords. The service cannot simply store the PBE key because possession of that key allows the files to be decoded.
Would it suffice to use another hash function to validate passwords and store that? If so, is there a recommended choice of PBE+hash to prevent mistakes?
