Re: different default key sizes for CREATE and LUKSFORMAT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19.11.2009, Arno Wagner wrote: 

> If I understand this correctly, this is the "iteration-count" 
> parameter to PBKDF2. If so, then RFC 2898 recommends a minimum 
> count of 1000 anyways.

This has been discussed in various places, and the conclusion was that it
should not be lower than 50.000 iterations. See f.ex. rfc3962 on
implemetation of PBKDF2 for Kerberos5.

> The main purpose of this parameter is to make exhaustive search more expensive.

Yes, it should make bruteforcing a lot more time-expensive.

> I think this should definitely go up to 1000.

I think this should maybe go up to 50.000 or 100.000. 
If I understood all correctly, so should a bump-up to 100.000 not have
much noticeable impact on the main speed either.

Please correct me if I'm wrong.

Thanks,
Heinz.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux