This is a pretty well understood construct, called hash stretching. The correct implementation is in each (or every 5h, etc) iteration you test if the key is valid by trying to decrypt, then continuing if unsuccessful. That way the attacker has no idea what n is.