In message <87k7ptzhg6.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>
>itojun@iijlab.net writes:
>> >My suggested algorithm is this:
>> >	s = salt;	/* or s = hmac_sha512(site-specific-string, salt); */
>> >	for (i = 0; i < num_iterations; i++)
>> >		s = hmac_sha512(password, s);
>> 
>> 	hmm.  i see.  we should implement $2$ as openbsd does (there's no need
>> 	to be different), and the above algorithm can become $3$.
>
>the $3$ notion is probably an idea to mention on bsd-api-discuss...
>

My personal preference would be $hmac-sha512$, but I'm not dogmatic 
about that.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)