On Thu, 10 Dec 2009 09:50:31 +1300
Peter Gutmann <pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz> wrote:
I would support a move to PBKDF2 because it's widely supported,
including the all-important PKCS #11 for hardware devices. As for
the other two, please, not another homebrew format that requires
custom implementation support every time it's used...
I don't think implementation difficulties are of primary concern. Both
bcrypt and scrypt have high-quality BSD-licensed C implementations,
which means they can easily be integrated into all the major PGP
implementations. The more important question surrounding them is
whether they've been adequately vetted to be considered for
standardization. My gut reaction for bcrypt is a hesitant yes, while
for scrypt it's an unhappy no (unhappy in the sense that I love
the idea behind scrypt and wish that the crypto community was
giving it more attention). But I think adding PBKDF2 is a no-brainer if
we make any changes at all to that section of the specification.
--
Daniel Franke df(_at_)dfranke(_dot_)us http://www.dfranke.us
|----| =|\ \\\\
|| * | -|-\--------- Man is free at the instant he wants to be.
-----| =| \ /// --Voltaire