Number of pbkdf2 iterations

[savchenko]

• clevis/src/luks/clevis-luks-common-functions.in

  Line 829 in eb92459

  local pbkdf_args="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"

• clevis/src/luks/clevis-luks-common-functions.in

  Line 789 in eb92459

  local pbkdf_args="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"

• clevis/src/luks/tests/tests-common-functions.in

  Line 73 in eb92459

  --pbkdf-force-iterations 1000 --key-size 512 --batch-mode \

• clevis/src/luks/tests/tests-common-functions.in

  Line 97 in eb92459

  --pbkdf-force-iterations 1000 --key-size 512 --batch-mode \

Is there a reason behind the chosen number of 1000 iterations? OWASP currently recommends:

[...] PBKDF2 with a work factor of 600,000 or more and set with an internal hash function of HMAC-SHA-256.

[sarroutbi]

Reasoning for that numbers are described in next commit:
7159630

More detailed information here:
https://bugzilla.redhat.com/show_bug.cgi?id=1979256

[savchenko]

Got it, thanks.