[cryptography] is there an interation-incremental version of PBKDF2?
chris at noncombatant.org
Wed Sep 8 23:37:20 EDT 2010
travis+ml-rbcryptography at subspacefield.org writes:
> couldn't immediately see a way for a system to increment the iteration
> count without having the user re-enter a password, since U_x seems
Jon Callas already hinted at the real solution. Don't be clever. When you
change your policy, add code that updates the user's password hash upon next login.
Understandable, testable, safe.
More information about the cryptography