owner-namedroppers@ops.ietf.org wrote on 10/12/2006 11:41:23 AM:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> As I said during the NSEC3 workshop, the stated need for iterations is
> o To be able to differentiate the hashing (like the salt), to avoid
> collisions.
> o To make offline dictionary attacks much more expensive. It is
> relatively easy to obtain a relatively large part of the NSEC3 chain (by
> random probing for NXDOMAIN responses). The iterations field count will
> prohibit quick dictionary attacks, it says in the draft.
>
> The iterations field, as it would be used to defend against dictionary
> attacks, thus has to increase as computing power increases. If computing
> power doubles, iterations has to double to provide the same protection.
> A 16 bit field can only double 16 times. Depending on how long you think
> it takes for computing power to be 16x as powerful, at that time the
> iterations field will be 'too small' to provide the same level of
> defense against dictionary attacks. To allow for further growth, a
> longer bitfield may be prudent.
>
> A reply at the workshop was that a new hash algorithm, the '1024x SHA-1'
> (or something along those lines) algorithm can be defined in that event,
> that would provide an extension for the iterations field.
>
> An alternative could be to use the iterations field as 15bit, and use
> the high 16th bit to denote a 256x increase in value. This results in
> the same range of values for iterations as before (albeit with less
> granularity).
>
> Note I am only discussing the 16-bit iterations. Flags field is fine.
>
> I also have not met people that voiced a high iterations count was
> important to their interests.


I propose we use the iterations value to represent a power of 2. Since we
don't want X to be too high to be useless, we can use 5 bits to express X.
The highest possible iterations value is now 2^31 which is already higher
than the current max value (so I guess 4 bits will do as well). The rest
of the bits can be used as flags.

I can't really imagine a case where 2^X is too low, while 2^(X+1) is too
high.

This should be moore's law safe for another 45 years and uses a single
octet for both flags and iterations.

Roy

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: