[cryptography] is there an iteration-incremental version of PBKDF2?

travis+ml-rbcryptography at subspacefield.org
Thu Sep 9 14:06:01 EDT 2010


On Wed, Sep 08, 2010 at 08:37:20PM -0700, Chris Palmer wrote:
> Jon Callas already hinted at the real solution. Don't be clever. When you
> change your policy, add code that updates the user's password hash upon next login.

I understand your point, but I think it's fair to ask "can we do
better?"

Your implication is, "don't try, don't even discuss trying".

I think that's a cop-out, intellectually lazy, and boring; but sure,
it avoids the risks associated with any change.

> Understandable, testable, safe.

When 25% of your users never log in again, I would add "...for small
values of safe".
-- 
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
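
The upgrade-on-next-login approach from the quoted reply, together with the gap this message points to (accounts that never log in again keep the old iteration count), as an added example that is not part of the original thread. The iteration counts, record layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

OLD_ITERATIONS = 1_000       # assumed legacy policy (constructed value)
TARGET_ITERATIONS = 100_000  # assumed current policy (constructed value)

def make_record(password, iterations):
    """Store salt, iteration count and derived key together so old records stay verifiable."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}

def login(db, user, password):
    """Verify with the record's own iteration count; re-derive at the target on success."""
    rec = db.get(user)
    if rec is None:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["iterations"])
    if not hmac.compare_digest(dk, rec["hash"]):
        return False
    if rec["iterations"] < TARGET_ITERATIONS:
        # The plaintext password exists only during login, so this is the
        # one point where the record can be re-derived under the new policy.
        db[user] = make_record(password, TARGET_ITERATIONS)
    return True

def stale_accounts(db):
    """Accounts still protected only by the old, cheaper iteration count."""
    return sorted(u for u, r in db.items() if r["iterations"] < TARGET_ITERATIONS)

def demo():
    # Constructed sample accounts, all created under the old policy.
    creds = {"alice": "a-pass", "bob": "b-pass", "carol": "c-pass", "dave": "d-pass"}
    db = {user: make_record(pw, OLD_ITERATIONS) for user, pw in creds.items()}
    upgraded = login(db, "alice", "a-pass")   # successful login triggers the upgrade
    rejected = login(db, "bob", "wrong")      # failed login must not touch the record
    relogin = login(db, "alice", "a-pass")    # upgraded record still verifies
    return upgraded, rejected, relogin, db["alice"]["iterations"], stale_accounts(db)

if __name__ == "__main__":
    print(demo())
```

Running `stale_accounts` periodically against the credential store gives a measure of how many records remain at the old work factor after a policy change.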