推荐使用PBKDF2-SHA256时的迭代次数? [英] Recommended # of iterations when using PBKDF2-SHA256?
问题描述
但问题还在,业界目前认为 '是?有哪些参考点可供比较?
我找到了一些参考:
- 2005年2月 - Kerberos 5中的AES默认值为4096轮SHA-1。 (来源:RFC 3962)
- 2010年9月 - ElcomSoft声称iOS 3.x使用2,000次迭代,iOS 4.x使用10,000次迭代,显示BlackBerry使用1 (来源: ElcomSoft )
- 2011年5月 - LastPass使用100,000次迭代的SHA-256(来源: LastPass )
< (来源:RFC 2898)
我想了解有关如何确定有多少次迭代对您的应用程序足够好的任何其他参考或反馈。 / p>
提前感谢...
PS:作为额外的背景,我认为PBKDF2-SHA256方法用于对用于安全意识网站的存储的用户密码进行哈希。我计划的PBKDF2盐是:每个用户随机盐(与每个用户记录清楚存储)与全局盐进行XOR。
参考文献:
b
- RFC 2898:PKCS#5:基于密码的加密规范v2.0
- RFC 3962:Kerberos 5的高级加密标准
- PBKDF2:基于密码的密钥导出功能v2
(已更新为修正格式 - 我的第一篇帖子看起来很漂亮=)
通过IT安全网站:
基本上,你需要测试你自己的服务器,看看它需要多长时间。迭代次数应设置为最高值,同时仍保持可接受的性能。一个好的经验法则是瞄准超过8毫秒。
I'm curious if anyone has any advice or points of reference when it comes to determining how many iterations is 'good enough' when using PBKDF2 (specifically with SHA-256). Certainly, 'good enough' is subjective and hard to define, varies by application & risk profile, and what's 'good enough' today is likely not 'good enough' tomorrow...
But the question remains, what does the industry currently think 'good enough' is? What reference points are available for comparison?
Some references I've located:
- Sept 2000 - 1000+ rounds recommended (source: RFC 2898)
- Feb 2005 - AES in Kerberos 5 'defaults' to 4096 rounds of SHA-1. (source: RFC 3962)
- Sept 2010 - ElcomSoft claims iOS 3.x uses 2,000 iterations, iOS 4.x uses 10,000 iterations, shows BlackBerry uses 1 (exact hash algorithm is not stated) (source: ElcomSoft)
- May 2011 - LastPass uses 100,000 iterations of SHA-256 (source: LastPass)
I'd appreciate any additional references or feedback about how you determined how many iterations was 'good enough' for your application.
Thanks in advance...
PS: As additional background, I'm considering PBKDF2-SHA256 as the method used to hash user passwords for storage for a security conscious web site. My planned PBKDF2 salt is: a per-user random salt (stored in the clear with each user record) XOR'ed with a global salt. The objective is to increase the cost of brute forcing passwords and to avoid revealing pairs of users with identical passwords.
References:
- RFC 2898: PKCS #5: Password-Based Cryptography Specification v2.0
- RFC 3962: Advanced Encryption Standard (AES) Encryption for Kerberos 5
- PBKDF2: Password Based Key Derivation Function v2
(Updated to fix formatting - gotta make my first post look pretty =)
Got a good answer on this question over at the IT Security Site:
Recommended # of Iterations When Using PKBDF2-SHA256
Basically, you need to test your own server and see how long it takes. The number of iterations should be set to the highest value while still maintaining acceptable performance. A good rule of thumb is to aim for more than 8 milliseconds.
这篇关于推荐使用PBKDF2-SHA256时的迭代次数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
