From b82642c328d98f2aaa1ac17aa0999e69e7152ae8 Mon Sep 17 00:00:00 2001 From: lloyd Date: Thu, 31 May 2012 18:19:43 +0000 Subject: Add new PBKDF interface that takes a std::chrono::milliseconds and runs the KDF until at least that much time has passed, then returns the number of interations used. New parameter to the PKCS8 encryption routines which tells how long to run the PBKDF. Defaults to 200 milliseconds, which is short enough that it is unlikely to bother anyone but long enough to provide quite reasonable security against cracking attacks. On a Core i7-860, 200 ms with PBKDF2/SHA-1 runs about 180K to 220K iterations (compare with previous default of 10K). New PBE interface, remove new_params/set_key and require all inputs including the passphrase to be passed to the constructor. Drop the PGP S2K as it is pretty weird and not really useful outside of a full PGP implementation. Drop the deprecated PKCS8::encrypt_key and PKCS8::encode functions. --- checks/validate.dat | 31 ------------------------------- 1 file changed, 31 deletions(-) (limited to 'checks') diff --git a/checks/validate.dat b/checks/validate.dat index 7b221db49..f50b63547 100644 --- a/checks/validate.dat +++ b/checks/validate.dat @@ -68860,37 +68860,6 @@ A09661392376F7044D9052A397883246B67F5F1EF63EB5FB::24 # PBKDF format: passphrase:output:salt:out_len:iterations -[OpenPGP-S2K(SHA-1)] -666F6F:0BEEC7B5EA3F0FDBC95D0DD47F3C5BC275DA8A335A8CAA4039FDBC02C01A649C::32:0 -616263:A9993E364706816ABA3E25717850C26C9CD0D89DDD3742EC1A4D2A5B563A2B62::32:0 - -666F6F:DFFE49EEC99E3530FF75A794773E1F8429A46835925DAED4A27FA2957BBD29B5:\ -698619A932D101BE:32:0 - -666F6F:8051BB97BB42199330C9D52383D1B56532FF9BDFB180BD2BD61F24A25265639F:\ -EFB0A8DDE02BAB42:32:65536 - -696C696B65706965:A32F874A4CF95DFAD8359302B395455C:2AE6E5831A717917:16:65536 - -666F6F626172:9B1D52CC0DA89C9D85B91EC84B6780FB:AD8FC3C853BBB225:16:65536 - -717765727479:67CACC2B4B6F1B76E620748C1E777070:3891D354B8C86161:16:0 - -4141414141414141414141414141414141414141414141414141414141414141\ -414141414141414141414141414141414141:080316AFB4E11D98120B29D1070CE749::16:0 - -696C6F766573616B757261:109D161363DF1E97322112F82169911A::16:0 - -[OpenPGP-S2K(MD5)] -666F6F626172:\ -3858F62230AC3C915F300C664312C63F26E4AEBF38BF1BB6AD49BA54BCACD9DB::32:0 - -616263646566:99C8FD9A0516337E7C0F71563D937B09B14F7E7B6CB53FB56B5B8137E189DA20:\ -B89343B95A46FECE:32:65536 - -666F6F:CC364F2BC41FACAD36E0D45E581D61F707BA925C982BEF7E:\ -760566702FEE54C8:24:65536 - [PBKDF1(MD2)] 71616C7A73656774:7C1991F3F38A09D70CF3B1ACADB70BC6:\ 40CF117C3865E0CF:16:1000 -- cgit v1.2.3