[cryptography] any reason PBKDF2 shouldn't be used for storing hashed passwords?
jon at callas.org
Wed Aug 15 20:15:38 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
On Aug 15, 2012, at 4:50 PM, travis+ml-rbcryptography at subspacefield.org wrote:
> * PGP Signed by an unknown key
> Any reason PBKDF2 shouldn't be used for (storing) hashed passwords?
My recommendation is that you should use it. It's even got a NIST document, now:
To be the most rigorous, use PBKDF2-HMAC-SHA. It doesn't matter a lot which hash function you're using if you're doing the HMAC version. The major difference will be the number of iterations. SHA2 is slower than SHA1, so you'll use fewer iterations. SHA512 is faster on a 64-bit processor than SHA256, which puts a small wrench in things.
Use lots of iterations. Calibrate them against real time -- enough for 100ms or more, for example, rather than a fixed count. If you're worried, then add more iterations.
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
-----END PGP SIGNATURE-----
More information about the cryptography