Re: [kitten] Fwd: I-D Action: draft-hansen-scram-sha256-01.txt
Russ Allbery <eagle@eyrie.org> Sat, 09 August 2014 04:16 UTC
Return-Path: <eagle@eyrie.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 190BA1A0646 for <kitten@ietfa.amsl.com>; Fri, 8 Aug 2014 21:16:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfTvLTljC4Rn for <kitten@ietfa.amsl.com>; Fri, 8 Aug 2014 21:16:17 -0700 (PDT)
Received: from smtp.stanford.edu (smtp2.Stanford.EDU [171.67.219.82]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AB1B1A0A8B for <kitten@ietf.org>; Fri, 8 Aug 2014 21:16:17 -0700 (PDT)
Received: from codegreen1.stanford.edu (codegreen1.Stanford.EDU [171.67.224.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.stanford.edu (Postfix) with ESMTPS id 31F32341B34 for <kitten@ietf.org>; Fri, 8 Aug 2014 21:16:14 -0700 (PDT)
Received: from codegreen1.stanford.edu (localhost.localdomain [127.0.0.1]) by codegreen1.stanford.edu (Postfix) with ESMTP id 2404084 for <kitten@ietf.org>; Fri, 8 Aug 2014 21:16:14 -0700 (PDT)
Received: from smtp.stanford.edu (smtp1.Stanford.EDU [171.67.219.81]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by codegreen1.stanford.edu (Postfix) with ESMTP id 17A3E84 for <kitten@ietf.org>; Fri, 8 Aug 2014 21:16:14 -0700 (PDT)
Received: from smtp.stanford.edu (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 4C84021767 for <kitten@ietf.org>; Fri, 8 Aug 2014 21:16:09 -0700 (PDT)
Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.67.225.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.stanford.edu (Postfix) with ESMTPS id 497EF21768 for <kitten@ietf.org>; Fri, 8 Aug 2014 21:15:59 -0700 (PDT)
Received: by windlord.stanford.edu (Postfix, from userid 1000) id 506582F573; Fri, 8 Aug 2014 21:15:42 -0700 (PDT)
From: Russ Allbery <eagle@eyrie.org>
To: "kitten@ietf.org" <kitten@ietf.org>
In-Reply-To: <53E58D77.1020100@att.com> (Tony Hansen's message of "Fri, 08 Aug 2014 22:54:47 -0400")
Organization: The Eyrie
References: <20140724224956.3620.25084.idtracker@ietfa.amsl.com> <53D18F6F.1060204@att.com> <53E47603.3080302@oracle.com> <53E58D77.1020100@att.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
Date: Fri, 08 Aug 2014 21:15:42 -0700
Message-ID: <8738d670y9.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/-ZIGgJDTpW5FPW12i2b6f-0LAdE
Subject: Re: [kitten] Fwd: I-D Action: draft-hansen-scram-sha256-01.txt
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Aug 2014 04:16:19 -0000
Tony Hansen <tony@att.com> writes: > On 8/8/14, 3:02 AM, Shawn M Emery wrote: >> I know RFC 3962 calls for 4096 rounds for SHA-1. I haven't heard of >> anything that would make us want to change this. Are there specific >> use-cases for this mechanism that would be negatively affected when >> choosing a higher iteration or is there guidance on policies when using >> this number of iterations or lower? > I am not aware of any guidance on how to choose an appropriate number of > iterations. The rule of thumb that I was told by the CS crypto faculty at Stanford was to use a number of iterations such that string-to-key would take 0.1 seconds on a computer with typical current performance. That may or may not be practical, given... > I do know that we found 4096 iterations to be significant on a handheld > device, and I would *prefer* not raising it any higher. (We would not be > willing to change our existing implementation of scram-sha-256 to a higher > number unless there was a >>really good reason<<.) ...you're already seeing performance issues with 4,096, and my testing showed that meeting that rule of thumb would require at least 14,500 iterations of SHA-2 with PBKDF2. -- Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
- [kitten] Fwd: I-D Action: draft-hansen-scram-sha2… Tony Hansen
- Re: [kitten] Fwd: I-D Action: draft-hansen-scram-… Shawn M Emery
- Re: [kitten] Fwd: I-D Action: draft-hansen-scram-… Russ Allbery
- Re: [kitten] Fwd: I-D Action: draft-hansen-scram-… Tony Hansen
- Re: [kitten] Fwd: I-D Action: draft-hansen-scram-… Simon Josefsson
- [kitten] draft-hansen-scram-sha256-02 posted Tony Hansen
- Re: [kitten] draft-hansen-scram-sha256-02 posted Alexey Melnikov
- Re: [kitten] draft-hansen-scram-sha256-02 posted Tony Hansen