[New-bugs-announce] [issue42982] Update suggested number of iterations for pbkdf2_hmac()
Illia Volochii
report at bugs.python.org
Wed Jan 20 15:06:39 EST 2021
New submission from Illia Volochii <illia.volochii at gmail.com>:
Documentation [1] suggests using at least 100,000 iterations of SHA-256 as of 2013.
Currently, it is 2021, and it is common to use much more iterations.
For example, Django will use 260,000 by default in the next 3.2 LTS release and 320,000 in 4.0 [2][3].
I suggest suggesting at least 250,000 iterations that is a somewhat round number close to the one used by modern libraries.
[1] https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac
[2] https://github.com/django/django/commit/f2187a227f7a3c80282658e699ae9b04023724e5
[3] https://github.com/django/django/commit/a948d9df394aafded78d72b1daa785a0abfeab48
----------
assignee: docs at python
components: Documentation
messages: 385365
nosy: docs at python, illia-v
priority: normal
severity: normal
status: open
title: Update suggested number of iterations for pbkdf2_hmac()
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42982>
_______________________________________
More information about the New-bugs-announce
mailing list