[issue42982] Update suggested number of iterations for pbkdf2_hmac()

[Alex Gaynor]

Alex Gaynor <alex.gaynor at gmail.com> added the comment:

Sticking with 100k is not scientific though ;-) Empiricism is science!

I'm probably the person responsible for Django's process, which is to increase by some % (10% or 20% IIRC) every release.

As you point out, the exact value one should use is a function of context, which we don't have as documentation authors. However, what we can do is try to select a value that's most likely to be practical for many users and will in-turn protect their users data most. 100k isn't that value, and taking inspiration from places that have had their values tested by many users is intuitive to me.

----------
nosy: +alex

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42982>
_______________________________________