From 17c93dbe451dc185a151d77e5a2b2921e590e4ed Mon Sep 17 00:00:00 2001 From: doug <> Date: Sat, 27 Sep 2014 06:40:07 +0000 Subject: [PATCH] Explain why we deviate slightly from the PBKDF2 standard. This explanation is based off of Ted's site. Also, fix a comment from the SHA-1 version. ok tedu@ --- src/lib/libutil/bcrypt_pbkdf.3 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/lib/libutil/bcrypt_pbkdf.3 b/src/lib/libutil/bcrypt_pbkdf.3 index b786bf1c..0878c33b 100644 --- a/src/lib/libutil/bcrypt_pbkdf.3 +++ b/src/lib/libutil/bcrypt_pbkdf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bcrypt_pbkdf.3,v 1.4 2013/06/05 04:01:53 tedu Exp $ +.\" $OpenBSD: bcrypt_pbkdf.3,v 1.5 2014/09/27 06:40:07 doug Exp $ .\" .\" Copyright (c) 2012 Ted Unangst .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 5 2013 $ +.Dd $Mdocdate: September 27 2014 $ .Dt BCRYPT_PBKDF 3 .Os .Sh NAME @@ -37,7 +37,7 @@ The salt value should be randomly generated beforehand. The repeated hashing is designed to thwart discovery of the key via password guessing attacks. The higher the number of rounds, the slower each attempt will be. -.\" A minimum value of at least 1000 is recommended. +.\" A minimum value of at least 4 is recommended. .Sh RETURN VALUES The .Fn bcrypt_pbkdf @@ -64,4 +64,6 @@ function returns 0 to indicate success and \-1 for failure. .Sh CAVEATS This implementation deviates slightly from the PBKDF2 standard by mixing output key bits nonlinearly. +By mixing the output bytes together, we require an attacker to perform +all of the work without taking any shortcuts. .\" .Sh BUGS