Skip Menu |
 

Subject: minimum iteration count for PBKDF2
PBKDF2 for AES and similar enctypes should have a minimum iteration count. It's not clear
whether this needs to be a runtime configuration parameter, instead of a compile-time
parameter.
From: tlyu@mit.edu
Subject: git commit

Enforce minimum PBKDF2 iteration count

Also add a testing interface to allow weak iteration counts.
(Published test vectors use weak iteration counts.)

https://github.com/krb5/krb5/commit/7a7736a3ea321aeb4b281ae2712e27becb00d720
Author: Tom Yu <tlyu@mit.edu>
Commit: 7a7736a3ea321aeb4b281ae2712e27becb00d720
Branch: master
src/lib/crypto/crypto_tests/t_str2key.c | 292 ++++++++++++++++++++++++-------
src/lib/crypto/krb/s2k_pbkdf2.c | 5 +
src/lib/crypto/libk5crypto.exports | 1 +
3 files changed, 233 insertions(+), 65 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Enforce minimum PBKDF2 iteration count

Also add a testing interface to allow weak iteration counts.
(Published test vectors use weak iteration counts.)

(cherry picked from commit 7a7736a3ea321aeb4b281ae2712e27becb00d720)

https://github.com/krb5/krb5/commit/86a5b05e102a70a199262beb1be1870ffc14177e
Author: Tom Yu <tlyu@mit.edu>
Commit: 86a5b05e102a70a199262beb1be1870ffc14177e
Branch: krb5-1.12
src/lib/crypto/crypto_tests/t_str2key.c | 292 ++++++++++++++++++++++++-------
src/lib/crypto/krb/s2k_pbkdf2.c | 5 +
src/lib/crypto/libk5crypto.exports | 1 +
3 files changed, 233 insertions(+), 65 deletions(-)