On 19.11.2009, Arno Wagner wrote: > If I understand this correctly, this is the "iteration-count" > parameter to PBKDF2. If so, then RFC 2898 recommends a minimum > count of 1000 anyways. This has been discussed in various places, and the conclusion was that it should not be lower than 50.000 iterations. See f.ex. rfc3962 on implemetation of PBKDF2 for Kerberos5. > The main purpose of this parameter is to make exhaustive search more expensive. Yes, it should make bruteforcing a lot more time-expensive. > I think this should definitely go up to 1000. I think this should maybe go up to 50.000 or 100.000. If I understood all correctly, so should a bump-up to 100.000 not have much noticeable impact on the main speed either. Please correct me if I'm wrong. Thanks, Heinz. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
