[issue42982] Update suggested number of iterations for pbkdf2_hmac()
Illia Volochii
report at bugs.python.org
Fri Jan 29 16:40:15 EST 2021
Illia Volochii <illia.volochii at gmail.com> added the comment:
> FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/
There is a history section on that page. And current 100,000 is ten times more than 1Password used in 2013 when the suggestion was added to the documentation.
> Also, I don't think an additional time factor of 2.5x would make substantial difference in security, but it may make a noticeable difference in user authentication time.
2.5x difference can be substantial if x is hours, days, or years :)
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42982>
_______________________________________
More information about the Python-bugs-list
mailing list