This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
(6) For PBKDF2, should some guidance be given as to how to choose the number of iterations? If developers set it too high it may be too slow on slow user agents. If they set it too low to accommodate all user agents it will hurt security. (Dan Boneh) --- Problem with precise numbers recognized, currently between 20,000->200,000 http://lists.w3.org/Archives/Public/public-webcrypto/2013Sep/0055.html
This seems to be covered by the more general considerations in 25607. Resolve dup ?
I'm marking this as a dup of 25607, since it should be addressed there. It's more of a subset than I dup, but we don't have a specific way of saying that in Bugzilla (that I'm aware of).
*** This bug has been marked as a duplicate of bug 25607 ***