On Thu, Nov 19, 2009 at 5:41 PM, Arno Wagner <arno@xxxxxxxxxxx> wrote:
> If I understand this correctly, this is the "iteration-count"
> parameter to PBKDF2. If so, then RFC 2898 recommends a minimum
> count of 1000 anyways. This is however not protection against
> a broken hash, as even a very weak hash should be extremely
> hard to break when iterated 10 times. The main purpose of this
> parameter is to make exhaustive search more expensive. I think
> this should definitely go up to 1000.

I'd like to point out that this use of PBKDF2 is not as a KDF but as a hash function. The recommendations in the RFC 2898 will be from a KDF perspective.

The idea of someone doing an exhaustive search in the LUKS mk context seems silly (RNG quality aside)

-- Roscoe.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
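The two uses of the iteration count discussed in this message can be put side by side in a short sketch. This is an added example, not code from the thread or from cryptsetup; it assumes the LUKS1 layout of a 20-byte master-key digest with a 32-byte salt and SHA-1 as the header hash, and the function names and sample keys are constructed for illustration.

```python
import hashlib
import hmac
import math
import os

DIGEST_LEN = 20  # assumption: LUKS1 stores a 20-byte master-key digest


def mk_digest(master_key: bytes, salt: bytes, iterations: int,
              hash_name: str = "sha1") -> bytes:
    """PBKDF2 over the master key itself: a checksum, no key is derived."""
    return hashlib.pbkdf2_hmac(hash_name, master_key, salt, iterations,
                               DIGEST_LEN)


def candidate_matches(candidate: bytes, salt: bytes, iterations: int,
                      stored: bytes) -> bool:
    """Check a candidate master key against the stored digest in constant time."""
    return hmac.compare_digest(mk_digest(candidate, salt, iterations), stored)


def search_cost_bits(secret_entropy_bits: float, iterations: int) -> float:
    """log2 of the PRF calls needed to enumerate the whole secret space."""
    return secret_entropy_bits + math.log2(iterations)


if __name__ == "__main__":
    mk = os.urandom(32)    # constructed 256-bit master key
    salt = os.urandom(32)  # constructed digest salt
    for iters in (10, 1000):
        stored = mk_digest(mk, salt, iters)
        print(f"iter={iters}: right key -> "
              f"{candidate_matches(mk, salt, iters, stored)}, "
              f"random key -> "
              f"{candidate_matches(os.urandom(32), salt, iters, stored)}")
    # The same jump from 10 to 1000 iterations, applied to a random master key
    # and to a constructed 40-bit passphrase for comparison.
    for label, bits in (("256-bit master key", 256), ("40-bit passphrase", 40)):
        print(f"{label}: 2^{search_cost_bits(bits, 10):.1f} -> "
              f"2^{search_cost_bits(bits, 1000):.1f} PRF calls")
```

Going from 10 to 1000 iterations adds about 6.6 bits of search cost in both cases; what differs is the size of the secret space that cost is added to.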