[cryptography] is there an interation-incremental version of PBKDF2?

Jon Callas jon at callas.org
Fri Sep 10 00:12:30 EDT 2010


On Sep 9, 2010, at 11:06 AM, travis+ml-rbcryptography at subspacefield.org wrote:

> On Wed, Sep 08, 2010 at 08:37:20PM -0700, Chris Palmer wrote:
>> Jon Callas already hinted at the real solution. Don't be clever. When you
>> change your policy, add code that updates the user's password hash upon next login.
> 
> I understand your point, but I think it's fair to ask "can we do
> better?"
> 
> Your implication is, "don't try, don't even discuss trying".
> 
> I think that's a cop out, intellectually lazy, and boring; but sure,
> it avoids the risks associated with any change.

You know, the last time someone said to me that SHA-1 was slow and so they wanted to design their own hash function that would be fast, that's exactly what they said when I told them that designing crypto is hard and that even the experts don't do so without consultation of lots of other experts.

They said that all they were saying was "can we do better?" (except they put it in boldface).

I did not say back, "Have at it, dude." But I will say that to you.

Have at it, dude.

	Jon
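The "update the hash on next login" approach Chris Palmer describes, as an added example in Python (not code from anyone in this thread); the storage format, iteration counts and function names are assumptions made for the illustration:

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed policy value: the iteration count new hashes must use. Kept small
# here so the example runs quickly; a production value would be far higher.
CURRENT_ITERATIONS = 100_000


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_b64$dk_b64' (assumed format)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=32)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"))


def verify_and_upgrade(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Verify a login and, if the stored hash predates the current policy,
    return a replacement hash the caller should persist.

    PBKDF2 cannot be 'topped up': its output is U_1 xor ... xor U_c and U_c
    alone is never stored, so iterating further from the stored value is
    impossible. The plaintext is only available at login, which is why the
    rehash happens here.
    """
    algo, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False, None
    iterations = int(iters)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, expected):
        return False, None
    if iterations < CURRENT_ITERATIONS:
        # Fresh salt, current iteration count; old record can be overwritten.
        return True, hash_password(password)
    return True, None
```

Records hashed under the old policy keep working and are silently migrated the next time their owner authenticates; accounts that never log in stay at the old count, which is the remaining risk to track.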




More information about the cryptography mailing list