Re: [kitten] draft-hansen-scram-sha256 and the hash iteration count

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 24 February 2015 17:00 UTC

Message-ID: <54ECAE08.2090106@isode.com>
Date: Tue, 24 Feb 2015 16:59:52 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Dave Cridland <dave@cridland.net>, Tony Hansen <tony@att.com>
References: <54DC00D0.2050900@cs.tcd.ie> <54EC66FF.50603@cs.tcd.ie> <54ECA7DA.40203@att.com> <CAKHUCzymihrk6QTFHWKG45kLiZkvkk3kasZPWtzTeDcwHn7y-A@mail.gmail.com>
In-Reply-To: <CAKHUCzymihrk6QTFHWKG45kLiZkvkk3kasZPWtzTeDcwHn7y-A@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/zXRzF-CEQV4j7-IppS_s52fQTls>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] draft-hansen-scram-sha256 and the hash iteration count

On 24/02/2015 16:55, Dave Cridland wrote:
>
> On 24 February 2015 at 16:33, Tony Hansen <tony@att.com> wrote many 
> things...
>
> As a thought, is it not worthwhile to distill all this into a 
> paragraph or two within the Security Considerations, such as:
>
> The strength of this mechanism is dependent in part on the iteration 
> count, as denoted by "i" in [RFC 5802]. As a rule of thumb, the 
> iteration count should be such that a modern machine will take 0.1 
> seconds to perform the complete algorithm; however, this is unlikely to 
> be practical on mobile devices and other relatively low-performance 
> systems. At the time this was written, the rule of thumb gives around 
> 15,000 iterations required; however, an iteration count of 4096 takes 
> around 0.5 seconds on current mobile handsets. This computational cost 
> can be avoided by caching the ClientKey (assuming the Salt and 
> iteration count are stable).
>
> Therefore the recommendation of this specification is that the 
> iteration count SHOULD be at least 4096, but careful consideration 
> ought to be given to using a significantly higher value, particularly 
> where mobile use is less important.
>
+1.
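The following is an added worked example (not code from the draft, RFC 5802, or anyone in this thread) showing what the quoted Security Considerations text is about: where the iteration count "i" actually costs time on the client, and why caching ClientKey removes that cost for later logins while still letting the client compute a fresh ClientProof. It implements Hi() from RFC 5802 section 2.2 by hand, cross-checks it against the standard library's PBKDF2 (which is the same construction), and runs a SCRAM-SHA-256 exchange against a server that holds only StoredKey. The `ClientKeyCache` class, the password "pencil", the salt, the nonces and the message strings are constructed for the example; only the SCRAM formulas come from the RFC.

```python
"""Cost of the SCRAM iteration count and caching of ClientKey.
Added example; assumes the password is already SASLprep-normalized UTF-8."""
import base64
import hashlib
import hmac
import time

HASH = "sha256"  # draft-hansen-scram-sha256 binds SCRAM to SHA-256
DIGEST_LEN = hashlib.new(HASH).digest_size


def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Hi(str, salt, i) from RFC 5802 section 2.2:
    U1 = HMAC(str, salt || INT(1)), U_k = HMAC(str, U_{k-1}), Hi = U1 XOR ... XOR U_i.
    This is PBKDF2 with HMAC-SHA-256 as PRF and a single output block; the
    iteration count is the only knob controlling how long this loop runs."""
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), HASH).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, HASH).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(DIGEST_LEN, "big")


def hi_matches_stdlib(password: bytes, salt: bytes, iterations: int) -> bool:
    """Self-check: the hand-written Hi() must equal hashlib's PBKDF2-HMAC."""
    return hmac.compare_digest(hi(password, salt, iterations),
                               hashlib.pbkdf2_hmac(HASH, password, salt, iterations))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_key(salted_password: bytes) -> bytes:
    return hmac.new(salted_password, b"Client Key", HASH).digest()


def stored_key(client_key_bytes: bytes) -> bytes:
    return hashlib.new(HASH, client_key_bytes).digest()


def client_proof(client_key_bytes: bytes, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
    Only ClientKey is needed, which is why caching it skips Hi() entirely."""
    client_signature = hmac.new(stored_key(client_key_bytes), auth_message, HASH).digest()
    return xor_bytes(client_key_bytes, client_signature)


def server_verifies(stored_key_bytes: bytes, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and check H(ClientKey) == StoredKey."""
    client_signature = hmac.new(stored_key_bytes, auth_message, HASH).digest()
    recovered_client_key = xor_bytes(proof, client_signature)
    return hmac.compare_digest(hashlib.new(HASH, recovered_client_key).digest(), stored_key_bytes)


class ClientKeyCache:
    """Hypothetical client-side cache of ClientKey keyed on (salt, i).
    A server that changes either value produces a miss, so Hi() reruns only
    when it must.  The cache must be cleared on a password change, and since
    ClientKey is password-equivalent for this server it needs the same
    protection as the password itself."""

    def __init__(self) -> None:
        self._keys = {}
        self.hi_calls = 0  # how many times the expensive Hi() actually ran

    def get(self, password: bytes, salt: bytes, iterations: int) -> bytes:
        key = (salt, iterations)
        if key not in self._keys:
            self.hi_calls += 1
            self._keys[key] = client_key(hi(password, salt, iterations))
        return self._keys[key]


def seconds_for_hi(iterations: int, password: bytes = b"pencil",
                   salt: bytes = b"constructed-salt") -> float:
    """Wall-clock cost of one Hi() at this iteration count on this machine."""
    start = time.perf_counter()
    hi(password, salt, iterations)
    return time.perf_counter() - start


def run_exchange(cache: ClientKeyCache, password: bytes, salt: bytes, iterations: int,
                 stored_key_on_server: bytes, client_nonce: bytes, server_nonce: bytes) -> bool:
    """One SCRAM authentication built from constructed messages in RFC 5802 section 7 syntax."""
    client_first_bare = b"n=user,r=" + client_nonce
    server_first = (b"r=" + client_nonce + server_nonce + b",s=" + base64.b64encode(salt)
                    + b",i=" + str(iterations).encode())
    client_final_without_proof = b"c=biws,r=" + client_nonce + server_nonce
    auth_message = client_first_bare + b"," + server_first + b"," + client_final_without_proof
    proof = client_proof(cache.get(password, salt, iterations), auth_message)
    return server_verifies(stored_key_on_server, auth_message, proof)


if __name__ == "__main__":
    password, salt = b"pencil", b"constructed-salt"
    for i in (4096, 15000):
        print(f"i={i}: Hi() took {seconds_for_hi(i, password, salt):.3f}s on this machine")
    # Enrolment: the server keeps only salt, i and StoredKey (plus ServerKey, omitted here).
    server_stored_key = stored_key(client_key(hi(password, salt, 4096)))
    cache = ClientKeyCache()
    first = run_exchange(cache, password, salt, 4096, server_stored_key, b"cnonce1", b"snonce1")
    second = run_exchange(cache, password, salt, 4096, server_stored_key, b"cnonce2", b"snonce2")
    print(first, second, "Hi() calls:", cache.hi_calls)  # second login reused the cached ClientKey
```

The timing loop is the "rule of thumb" measurement from the quoted text; on the machine running it, compare the 4096 and 15000 figures against the 0.1 second target. The exchange shows the trade-off the text describes: the second login computes a fresh ClientProof over a new AuthMessage without rerunning Hi(), so a high iteration count only costs the client once per (salt, i) pair, while every fresh nonce pair still yields a different proof.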