[cs631apue] Count of iteration for EVP_BytesToKey

Jan Schaumann jschauma at stevens.edu
Sat Dec 7 10:10:24 EST 2013


Tejas Nadkarni <tnadkarn at stevens.edu> wrote:
> Can this be arbitrary or is there an optimal? Documentation just says the
> higher the harder it is to crack with brute force but the slower the
> algorithm gets? Does it matter for this assignment what we set it to?

Consider that Kerberos, for example, defaults to a rather conservative
4096 rounds[1], while Apple's iOS[2] and the 1Password password
manager[3], for example, use 10K rounds.

But increasing the iteration count comes at a cost, of course.  It'd be
useful to do some experimentation to see what values might be
reasonable.  Try out 10, 100, 1K, and 10K and see what impact this has
on your program's performance.

See also [4].

-Jan

[1] https://tools.ietf.org/html/rfc3962#section-4
[2] https://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf
[3] http://blog.agilebits.com/2011/12/01/staying-ahead-with-security/
[4] https://www.mail-archive.com/openssl-users@openssl.org/msg55525.html
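
The experiment suggested above, as an added example that is not part of the original message or the course material: a pure-Python model of the derivation OpenSSL documents for EVP_BytesToKey, timed at 10, 100, 1K and 10K rounds. The function names, the SHA-1 digest, the 32-byte key / 16-byte IV sizes and the sample password and salt are assumptions chosen for illustration; absolute timings will differ from the C library, but the linear growth with the count is the point.

```python
import hashlib
import time

def evp_bytes_to_key(password, salt, count, key_len=32, iv_len=16, md="sha1"):
    """Model of EVP_BytesToKey: D_i = H^count(D_(i-1) || password || salt),
    with blocks concatenated until key_len + iv_len bytes are available."""
    if count < 1:
        raise ValueError("count must be >= 1")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # First round hashes previous block, password and salt together.
        block = hashlib.new(md, block + password + salt).digest()
        # The remaining count-1 rounds re-hash the digest itself.
        for _ in range(count - 1):
            block = hashlib.new(md, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def time_counts(counts, password, salt, repeats=5):
    """Return {count: best wall-clock seconds for one derivation}."""
    results = {}
    for count in counts:
        best = float("inf")
        for _ in range(repeats):
            start = time.perf_counter()
            evp_bytes_to_key(password, salt, count)
            best = min(best, time.perf_counter() - start)
        results[count] = best
    return results

if __name__ == "__main__":
    password = b"correct horse battery staple"  # constructed sample passphrase
    salt = bytes(range(8))                      # constructed 8-byte salt
    timings = time_counts([10, 100, 1000, 10000], password, salt)
    for count, secs in timings.items():
        print(f"{count:>6} rounds: {secs * 1e3:8.3f} ms per derivation")
```

The per-derivation time is what a legitimate user pays once per run and what a brute-force search pays once per guess, so compare it against how long your program can afford to wait at startup.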

