This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23501 - PBKDF2 Parameter Warning?
Summary: PBKDF2 Parameter Warning?
Status: RESOLVED DUPLICATE of bug 25607
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-14 19:54 UTC by Harry Halpin
Modified: 2014-09-26 15:03 UTC (History)
2 users (show)

See Also:

Attachments

Description Harry Halpin 2013-10-14 19:54:22 UTC 
(6) For PBKDF2, should some guidance be given as to how to choose the
    number of iterations? If developers set it too high it may be too slow
    on slow user agents. If they set it too low to accommodate all user
    agents it will hurt security.

    (Dan Boneh)

    ---
    Problem with precise numbers recognized, currently between 20,000->200,000

    http://lists.w3.org/Archives/Public/public-webcrypto/2013Sep/0055.html
Comment 1 Mark Watson 2014-09-22 17:36:37 UTC 
This seems to be covered by the more general considerations in 25607. Resolve dup ?
Comment 2 Mark Watson 2014-09-26 15:03:37 UTC 
I'm marking this as a dup of 25607, since it should be addressed there. It's more of a subset than I dup, but we don't have a specific way of saying that in Bugzilla (that I'm aware of).
Comment 3 Mark Watson 2014-09-26 15:03:58 UTC 

*** This bug has been marked as a duplicate of bug 25607 ***