Date: Thu, 23 Aug 2012 18:16:19 -0500 From: Jeffrey Goldberg <jeffrey@...dmark.org> To: john-dev@...ts.openwall.com Subject: Re: Mac OS X 10.8 Mountain Lion password hash sample On 2012-08-23, at 12:08 PM, Solar Designer <solar@...nwall.com> wrote: > The http://projects.puppetlabs.com/issues/12833 page mentions several > other iteration counts as well. I wonder if Apple makes the iteration > count random (within some range) and stores the value along with the > hash. Since OS X 10.7 (Lion), Apple included CCCalibratePBKDF() in the CommonCrypto framework. The idea is that the programmer doesn't set the number of iterations, but says how long a time they will accept for key derivation for their program. CCCalibratePBKDF() takes as an argument (among others) a number of milliseconds. The function returns the number of iterations that will meet that requirement on that system. So Apple will be using a calibrated (not random) number of rounds, and those will be stored within the data. See http://developer.apple.com/library/Mac/#documentation/Darwin/Reference/ManPages/man3/CCCalibratePBKDF.3cc.html Also note that the CommonCrypto source is available here: http://www.opensource.apple.com/source/CommonCrypto/CommonCrypto-60026/ Cheers, -j
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.