[cryptography] is there an iteration-incremental version of PBKDF2?

travis+ml-rbcryptography at subspacefield.org
Wed Sep 8 14:53:59 EDT 2010


So PBKDF2 is pretty cool in many ways, but it has been a while since I
looked at it.

One thing about it that kinda bothers me is that, when examining it, I
couldn't immediately see a way for a system to increment the iteration
count without having the user re-enter a password, since U_x seems
to depend on P.

So, let's say you have a web site with, say, 250M users.  Over time,
compute power increases, and you want to increase the iteration count
of all the hashes in the database, but getting them all to enter their
password again is untenable; there will always be people who logged in
once and never again.

Is there something similar to PBKDF2 that has this property?  Could
there be, or is this a fundamental limitation of the constraints we
want regarding security against offline attacks?
-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
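
Added example, not part of the original post: the PBKDF2 block function written out so the dependence of every U_j on P is visible, followed by one layered construction in which the stored hash is fed as the "password" of a second PBKDF2 pass, so the work factor can be raised offline. The record layout and the names `enroll`, `upgrade` and `verify` are hypothetical, and the layering is a different construction from single-pass PBKDF2, not a feature of it.

```python
import hashlib
import hmac


def pbkdf2_block(password: bytes, salt: bytes, count: int) -> bytes:
    """First output block T_1 of PBKDF2-HMAC-SHA256 (the F function of RFC 2898)."""
    # U_1 = PRF(P, S || INT(1)); each later U_j = PRF(P, U_{j-1}).
    # The password P is the HMAC key in every round, which is why a stored
    # result for `count` rounds cannot be advanced to `count + k` without P.
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    t = u
    for _ in range(count - 1):
        u = hmac.new(password, u, hashlib.sha256).digest()
        t = bytes(a ^ b for a, b in zip(t, u))  # T_1 = U_1 xor U_2 xor ... xor U_c
    return t


def enroll(password: bytes, salt: bytes, count: int) -> dict:
    """Create a stored record (hypothetical layout) with a single PBKDF2 layer."""
    return {"layers": [(salt, count)], "hash": pbkdf2_block(password, salt, count)}


def upgrade(record: dict, new_salt: bytes, extra_count: int) -> dict:
    """Raise the work factor using only the stored hash, with no user present.

    The old hash becomes the input of a new PBKDF2 layer; the old hash itself
    is discarded, so an offline guess must now pay for every layer.
    """
    wrapped = pbkdf2_block(record["hash"], new_salt, extra_count)
    return {"layers": record["layers"] + [(new_salt, extra_count)], "hash": wrapped}


def verify(record: dict, password: bytes) -> bool:
    """Replay every layer in order, then compare in constant time."""
    value = password
    for salt, count in record["layers"]:
        value = pbkdf2_block(value, salt, count)
    return hmac.compare_digest(value, record["hash"])


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    rec = enroll(b"correct horse", b"salt-2010", 1000)
    rec = upgrade(rec, b"salt-upgrade-1", 20000)
    print(verify(rec, b"correct horse"), verify(rec, b"wrong guess"))
```
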