Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Dec 2017 22:35:50 -0800
From: Jim Fenton <>
To: Jeffrey Goldberg <>,
Subject: Re: Real world password policies

On 12/07/2017 04:52 PM, Jeffrey Goldberg wrote:
> Thanks. That is nice and to the point.
> Is there any particularly reason you choose PBKDF2 instead of HMAC? There’s
> nothing really wrong with using PBKDF2 here, but it is really just a round about
> way of using HMAC. Furthermore HMAC is in the standard library.

I used PBKDF2 because 800-63B refers to it as "an additional iteration
of a key derivation function" so I coded it that way.

HMAC would be fine too. I hadn't noticed that it was in more of a
mainline library than x/crypto/pbkdf2. And it turns out that pbkdf2
calls hmac, so we could get rid of a dependency here.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ