svn rev #24521: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/
ghudson@MIT.EDU
ghudson at MIT.EDU
Wed Nov 17 12:58:03 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24521
Commit By: ghudson
Log Message:
Change the default number of string-to-key iterations for Camellia
enctypes to 32768, up from the AES default of 4096.
Changed Files:
U branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c 2010-11-16 18:14:43 UTC (rev 24520)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c 2010-11-17 17:58:03 UTC (rev 24521)
@@ -101,14 +101,13 @@
}
-#define DEFAULT_ITERATION_COUNT 4096 /* was 0xb000L in earlier drafts */
#define MAX_ITERATION_COUNT 0x1000000L
static krb5_error_code
pbkdf2_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string,
const krb5_data *salt, const krb5_data *pepper,
const krb5_data *params, krb5_keyblock *key,
- enum deriv_alg deriv_alg)
+ enum deriv_alg deriv_alg, unsigned long def_iter_count)
{
unsigned long iter_count;
krb5_data out;
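Review bot: The new `def_iter_count` parameter of `pbkdf2_string_to_key` has no documentation at the signature, and the removed macro took its explanatory comment with it. A short comment above the function would help, such as `/* def_iter_count: PBKDF2 iteration count used when no s2k params are supplied. */`. That condition is inferred from the `else` branch in the next hunk, because the matching `if` is not shown. The function body continues past the end of this hunk.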
@@ -129,7 +128,7 @@
return KRB5_ERR_BAD_S2K_PARAMS;
}
} else
- iter_count = DEFAULT_ITERATION_COUNT;
+ iter_count = def_iter_count;
/* This is not a protocol specification constraint; this is an
implementation limit, which should eventually be controlled by
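Review bot: The raised default is assigned only on this `else` path, so an iteration count supplied through `params` that is lower than `def_iter_count` still appears to be accepted. The only bound mentioned in the visible lines is the implementation maximum, `MAX_ITERATION_COUNT`. The branch that parses `params` starts outside this hunk, so please confirm whether a lower bound is enforced there. If it is not, consider a policy minimum such as `if (iter_count < min_iter_count) return KRB5_ERR_BAD_S2K_PARAMS;` (`min_iter_count` is a placeholder name), or at least a comment stating that the stronger Camellia default is not a floor.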
@@ -182,7 +181,7 @@
krb5_keyblock *key)
{
return pbkdf2_string_to_key(ktp, string, salt, NULL, params, key,
- DERIVE_RFC3961);
+ DERIVE_RFC3961, 4096);
}
#ifdef CAMELLIA
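Review bot: The literal `4096` in this call, and `32768` in the Camellia wrapper in the next hunk, replace the named `DEFAULT_ITERATION_COUNT` with bare numbers at the call sites. Named per-enctype constants placed next to `MAX_ITERATION_COUNT` would keep the values documented and easy to find, for example `#define AES_DEFAULT_ITERATION_COUNT 4096` and `#define CAMELLIA_DEFAULT_ITERATION_COUNT 32768` (the names are suggestions). Both wrapper functions begin outside their hunks, so their names are not visible here.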
@@ -196,6 +195,6 @@
krb5_data pepper = string2data(ktp->name);
return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
- DERIVE_SP800_108_CMAC);
+ DERIVE_SP800_108_CMAC, 32768);
}
#endif