Number of pbkdf2 iterations

[savchenko]

• https://github.com/latchset/clevis/blob/eb92459c8bbed6f509fcb333f744fd861e71caf6/src/luks/clevis-luks-common-functions.in#L829
• https://github.com/latchset/clevis/blob/eb92459c8bbed6f509fcb333f744fd861e71caf6/src/luks/clevis-luks-common-functions.in#L789
• https://github.com/latchset/clevis/blob/eb92459c8bbed6f509fcb333f744fd861e71caf6/src/luks/tests/tests-common-functions.in#L73
• https://github.com/latchset/clevis/blob/eb92459c8bbed6f509fcb333f744fd861e71caf6/src/luks/tests/tests-common-functions.in#L97

Is there a reason behind the chosen number of 1000 iterations? OWASP currently recommends:

[...] PBKDF2 with a work factor of 600,000 or more and set with an internal hash function of HMAC-SHA-256.

[sarroutbi]

Reasoning for that numbers are described in next commit: 71596307516ce2367e6303bd7f7ae7b180b29a35

More detailed information here: https://bugzilla.redhat.com/show_bug.cgi?id=1979256

[savchenko]

Got it, thanks.