Date: Thu, 7 Dec 2017 22:35:50 -0800 From: Jim Fenton <fenton@...epopcorn.net> To: Jeffrey Goldberg <jeffrey@...dmark.org>, passwords@...ts.openwall.com Subject: Re: Real world password policies On 12/07/2017 04:52 PM, Jeffrey Goldberg wrote: > > Thanks. That is nice and to the point. > > Is there any particularly reason you choose PBKDF2 instead of HMAC? There’s > nothing really wrong with using PBKDF2 here, but it is really just a round about > way of using HMAC. Furthermore HMAC is in the standard library. > > https://golang.org/pkg/crypto/hmac/ I used PBKDF2 because 800-63B refers to it as "an additional iteration of a key derivation function" so I coded it that way. HMAC would be fine too. I hadn't noticed that it was in more of a mainline library than x/crypto/pbkdf2. And it turns out that pbkdf2 calls hmac, so we could get rid of a dependency here. -Jim
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.