authorGreg Hudson <ghudson@mit.edu>2010-11-17 17:58:03 +0000
committerGreg Hudson <ghudson@mit.edu>2010-11-17 17:58:03 +0000
commitc837edecec949b2b91a92c823b63dad7cb351cb2 (patch)
treedcf76f87292e597ae2d67a2b5150cd35d78a3fc5
parent88304c7a2c8b17a69cadde74fecc235c203a25d8 (diff)
Change the default number of string-to-key iterations for Camellia
enctypes to 32768, up from the AES default of 4096.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24521 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/crypto/krb/dk/stringtokey.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c
index 1732c88..779f51b 100644
--- a/src/lib/crypto/krb/dk/stringtokey.c
+++ b/src/lib/crypto/krb/dk/stringtokey.c
@@ -101,14 +101,13 @@ cleanup:
}
-#define DEFAULT_ITERATION_COUNT 4096 /* was 0xb000L in earlier drafts */
#define MAX_ITERATION_COUNT 0x1000000L
static krb5_error_code
pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
const krb5_data *salt, const krb5_data *pepper,
const krb5_data *params, krb5_keyblock *key,
- enum deriv_alg deriv_alg)
+ enum deriv_alg deriv_alg, unsigned long def_iter_count)
{
unsigned long iter_count;
krb5_data out;
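Review bot: The new `def_iter_count` parameter of pbkdf2_string_to_key has no documentation, and removing `DEFAULT_ITERATION_COUNT` also drops the only comment that recorded where the default came from. I would add a comment above the function along the lines of `/* def_iter_count: PBKDF2 iteration count used when the caller supplies no count in params; fixed per enctype. */`. The fallback appears to be the `else` branch in the next hunk, so the wording should be checked against the condition there. It would also help to state whether the `MAX_ITERATION_COUNT` limit is applied to the default as well as to a count parsed from params; the check itself is outside this hunk, as is the rest of the function body.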
@@ -129,7 +128,7 @@ pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
return KRB5_ERR_BAD_S2K_PARAMS;
}
} else
- iter_count = DEFAULT_ITERATION_COUNT;
+ iter_count = def_iter_count;
/* This is not a protocol specification constraint; this is an
implementation limit, which should eventually be controlled by
@@ -182,7 +181,7 @@ krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
krb5_keyblock *key)
{
return pbkdf2_string_to_key(ktp, string, salt, NULL, params, key,
- DERIVE_RFC3961);
+ DERIVE_RFC3961, 4096);
}
#ifdef CAMELLIA
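Review bot: The AES default is now a bare `4096` in the call inside krb5int_aes_string_to_key, and the Camellia wrapper in the following hunk passes a bare `32768`, so the two PBKDF2 work factors no longer have names or comments. I would define them next to `MAX_ITERATION_COUNT`, for example `#define AES_DEFAULT_ITERATION_COUNT 4096` and `#define CAMELLIA_DEFAULT_ITERATION_COUNT 32768` (names are only a suggestion), and pass those. Each deserves a short comment saying the value is the fallback used when no iteration count is supplied, and that it is presumably part of the enctype's definition and not a local tunable, since a key derived under a different default would not match. Both wrapper functions start outside their hunks.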
@@ -196,6 +195,6 @@ krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp,
krb5_data pepper = string2data(ktp->name);
return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
- DERIVE_SP800_108_CMAC);
+ DERIVE_SP800_108_CMAC, 32768);
}
#endif