Re: [kitten] [IANA #748877] please review SASL-SCRAM-256

Russ Allbery <eagle@eyrie.org> Fri, 11 April 2014 03:36 UTC

From: Russ Allbery <eagle@eyrie.org>
To: Tony Hansen <tony@att.com>
In-Reply-To: <53475A88.3060202@att.com> (Tony Hansen's message of "Thu, 10 Apr 2014 22:59:20 -0400")
Organization: The Eyrie
References: <RT-Ticket-748877@icann.org> <5319DE8B.1030202@att.com> <rt-4.0.8-12541-1394569374-953.748877-9-0@icann.org> <20140312162849.152e924b@latte.josefsson.org> <20140411001759.3d89cfb5@latte.josefsson.org> <CAKHUCzxxbABfJDR8JZ5evHXFHmsBvqVdHTX0QLg4ONsqNKgk5g@mail.gmail.com> <53475A88.3060202@att.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
Date: Thu, 10 Apr 2014 20:20:10 -0700
Message-ID: <87d2goa6xh.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/vCCYT0ASVyG_wbfq43UfMFw2h_g
Cc: kitten@ietf.org
Subject: Re: [kitten] [IANA #748877] please review SASL-SCRAM-256

Tony Hansen <tony@att.com> writes:

> OK, I figured it was worth trying to do it this way. I'll start the RFC
> process.

> Dave, a question for you: What do you think a better minimum iteration
> count should be for SCRAM-SHA-256? Why should it be any different than
> the value specified for SCRAM-SHA-1 (4096)?

It might be worth considering increasing the minimum iteration count to
something that takes appreciable time on modern hardware.  I've not tested
SCRAM-SHA-256, but PBKDF2 with SHA-256 requires around 15,000 rounds to
take 0.1 seconds on a typical desktop system.

-- 
Russ Allbery (eagle@eyrie.org)              <http://www.eyrie.org/~eagle/>
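To make the cost comparison above concrete, here is an added example (not code from this thread or from any SCRAM implementation): SCRAM's Hi() function is PBKDF2-HMAC with a single output block, so timing hashlib's PBKDF2-HMAC-SHA-256 on the server host directly calibrates a SCRAM-SHA-256 iteration count, and the same derivation yields the StoredKey/ServerKey the server keeps. Function names, the 4096 floor taken from RFC 5802, and the calibration step size are my own choices.

```python
import hashlib
import hmac
import os
import time

HASH = "sha256"
RFC5802_MIN_ITERATIONS = 4096  # floor RFC 5802 sets for SCRAM-SHA-1


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """SCRAM's Hi() is PBKDF2-HMAC with dkLen equal to the hash length."""
    return hashlib.pbkdf2_hmac(HASH, password, salt, iterations)


def calibrate_iterations(target_seconds, floor=RFC5802_MIN_ITERATIONS, step=1000):
    """Time Hi() on this host and pick the count that costs about target_seconds,
    rounded down to a multiple of step but never below floor (hypothetical policy)."""
    probe = 10_000
    start = time.perf_counter()
    hi(b"calibration-probe", os.urandom(16), probe)
    per_iteration = (time.perf_counter() - start) / probe
    estimate = int(target_seconds / per_iteration) // step * step
    return max(floor, estimate)


def scram_stored_credential(password, iterations, salt=None):
    """What the server keeps (RFC 5802 section 3): salt, i, StoredKey, ServerKey.
    Neither the password nor SaltedPassword is stored."""
    if salt is None:
        salt = os.urandom(16)
    salted = hi(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", HASH).digest()
    server_key = hmac.new(salted, b"Server Key", HASH).digest()
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.new(HASH, client_key).digest(),
            "server_key": server_key}


def client_proof(password, salt, iterations, auth_message):
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key = hmac.new(hi(password, salt, iterations), b"Client Key", HASH).digest()
    stored_key = hashlib.new(HASH, client_key).digest()
    signature = hmac.new(stored_key, auth_message, HASH).digest()
    return bytes(a ^ b for a, b in zip(client_key, signature))


def verify_client_proof(cred, proof, auth_message):
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey."""
    signature = hmac.new(cred["stored_key"], auth_message, HASH).digest()
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.new(HASH, client_key).digest(), cred["stored_key"])
```

Running `calibrate_iterations(0.1)` on the machine that will serve SCRAM gives the count Russ describes measuring; the server then raises `i` in its stored credentials at the next password change, since existing StoredKeys cannot be re-derived without the password.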