Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Dec 2017 22:35:50 -0800
From: Jim Fenton <fenton@...epopcorn.net>
To: Jeffrey Goldberg <jeffrey@...dmark.org>, passwords@...ts.openwall.com
Subject: Re: Real world password policies

On 12/07/2017 04:52 PM, Jeffrey Goldberg wrote:
>
> Thanks. That is nice and to the point.
>
> Is there any particularly reason you choose PBKDF2 instead of HMAC? There’s
> nothing really wrong with using PBKDF2 here, but it is really just a round about
> way of using HMAC. Furthermore HMAC is in the standard library.
>
>    https://golang.org/pkg/crypto/hmac/

I used PBKDF2 because 800-63B refers to it as "an additional iteration
of a key derivation function" so I coded it that way.

HMAC would be fine too. I hadn't noticed that it was in more of a
mainline library than x/crypto/pbkdf2. And it turns out that pbkdf2
calls hmac, so we could get rid of a dependency here.

-Jim

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ