diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2012-09-06 19:48:13 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2012-09-06 19:48:13 +0000 |
| commit | 1c077b0571f5b2574fa594de6cd4b5f19ed1b822 (patch) | |
| tree | 7fd2b48d61141570bda095af318f8238cf18338c | |
| parent | 4fc57e5204a74f75e9d197c2c43cef54c8dfd5c2 (diff) | |
some better phrasing, mostly via jsing
| -rw-r--r-- | lib/libutil/pkcs5_pbkdf2.3 | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/libutil/pkcs5_pbkdf2.3 b/lib/libutil/pkcs5_pbkdf2.3 index 7a40737561b..1ddadab9522 100644 --- a/lib/libutil/pkcs5_pbkdf2.3 +++ b/lib/libutil/pkcs5_pbkdf2.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pkcs5_pbkdf2.3,v 1.1 2012/09/06 19:41:59 tedu Exp $ +.\" $OpenBSD: pkcs5_pbkdf2.3,v 1.2 2012/09/06 19:48:12 tedu Exp $ .\" .\" Copyright (c) 2012 Ted Unangst <tedu@openbsd.org> .\" @@ -28,12 +28,14 @@ .Sh DESCRIPTION The .Nm -function converts a password into a key suitable for encryption. +function converts a password into a byte array suitable for use as +encryption key. The password and salt values are combined and repeatedly hashed .Ar rounds times. -The repeated hashing is designed to thwart password guessing attacks from -discovering the key. +The salt value should be randomly generated beforehand. +The repeated hashing is designed to thwart discovery of the key via +password guessing attacks. The higher the number of rounds, the slower each attempt will be. A minumum value of at least 1000 is recommended. .Sh RETURN VALUES |