
SCRAM minimum PBKDF#2 iteration count



SCRAM currently contains:

      Servers SHOULD announce a hash iteration-count of at least 128.

I believe this is too low.  RFC 2898 (PKCS#5), an almost 10-year-old
document, contains:

   the difficulty of attack. For the methods in this document, a minimum
   of 1000 iterations is recommended. This will increase the cost of

A more recent document that uses PBKDF#2 is RFC 3962, published 2005,
and it uses a default of 4096 iterations.

There is a difference between a minimum value and a default value.
Still, I believe we could reasonably suggest a minimum value of 4096
iterations for SCRAM.

Thoughts?

/Simon
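To make the cost argument above concrete, here is an added example (not part of the original message or of any SCRAM implementation) that computes SCRAM's SaltedPassword the way the published spec (RFC 5802) defines it: Hi(str, salt, i) is PBKDF2 with HMAC as the PRF and an output length equal to the hash length, so the "iteration count" is literally the number of chained HMAC invocations. The block implements Hi() by hand, cross-checks it against hashlib.pbkdf2_hmac, and times 128 versus 4096 iterations so the linear relationship between the announced count and the per-guess cost of an offline attack on a captured verifier is visible. The password, salt and the choice of SHA-1 are constructed sample values, not taken from the page.

```python
import hashlib
import hmac
import time

# Constructed sample inputs (assumptions for this example, not from the page).
SAMPLE_PASSWORD = b"pencil"
SAMPLE_SALT = b"\x41\x25\xc2\x47\xe4\x3a\xb1\xe9\x3c\x6d\xff\x76"


def hi_rfc5802(password: bytes, salt: bytes, iterations: int,
               hash_name: str = "sha1") -> bytes:
    """SCRAM's Hi() as written out in RFC 5802 section 2.2.

    U1 = HMAC(password, salt || INT(1))
    Uk = HMAC(password, U(k-1))
    Hi = U1 XOR U2 XOR ... XOR Ui
    Each iteration is one more HMAC call, which is exactly what the
    announced iteration count buys: i-fold work per password guess.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    u = hmac.new(password, salt + b"\x00\x00\x00\x01", hash_name).digest()
    result = u
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hash_name).digest()
        result = bytes(a ^ b for a, b in zip(result, u))
    return result


def salted_password(password: bytes, salt: bytes, iterations: int,
                    hash_name: str = "sha1") -> bytes:
    """The same derivation via the standard library's PBKDF2.

    RFC 5802's Hi() is PBKDF2 with dkLen equal to the hash output size,
    so the first (and only) PBKDF2 block is the whole result.
    """
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations)


def seconds_per_derivation(iterations: int, repeats: int = 20) -> float:
    """Wall-clock cost of one SaltedPassword derivation at a given count.

    This is also the per-guess cost an attacker pays when running a
    dictionary attack against a stolen StoredKey/ServerKey pair, since
    both are derived from SaltedPassword.
    """
    start = time.perf_counter()
    for _ in range(repeats):
        salted_password(SAMPLE_PASSWORD, SAMPLE_SALT, iterations)
    return (time.perf_counter() - start) / repeats


def cost_multiplier(low_iterations: int, high_iterations: int) -> float:
    """How many times more work per guess the higher count imposes."""
    return high_iterations / low_iterations


if __name__ == "__main__":
    for i in (128, 1000, 4096):
        assert hi_rfc5802(SAMPLE_PASSWORD, SAMPLE_SALT, i) == \
            salted_password(SAMPLE_PASSWORD, SAMPLE_SALT, i)
        print(f"i={i:5d}  {seconds_per_derivation(i) * 1e6:8.1f} us per guess")
    print(f"4096 vs 128: {cost_multiplier(128, 4096):.0f}x more work per guess")
```

The measured times will differ by machine, but the ratio between 128 and 4096 iterations stays close to the 32x the iteration counts alone predict, which is the point of the minimum-count discussion: with the salt and verifier in hand, the iteration count is the only knob that slows a per-guess attack, and it slows the legitimate server by the same factor, so the minimum must be chosen with that trade-off in mind.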