Jon Callas <jon(_at_)callas(_dot_)org> writes:
I would love to see PBKDF2 in there on the list of things acceptable.
Don't go for PBKDF2, wait for the PHC to conclude (which it will have by the
time any new PGP RFC is ready) and use that. The product of the PHC will be
pretty much the best that we can design at the current time, and I say that
not as propaganda from someone involved in it (although please note the
potential conflict of interest there) but because the designers who have
submitted entries have looked at everything else that's been done and improved
on it, which includes cross-pollinating ideas from other submissions into
their own. The result is going to be a really, really good password-
processing function that's about the best that we can currently design in
terms of working over a wide range of environments while resisting specialised
attacks using GPUs and ASICs. So all that a future PGP RFC needs to do is
leave a hole to slot in the PHC winner.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp