[issue42982] Update suggested number of iterations for pbkdf2_hmac()

2022-03-01 Thread Ned Deily
Ned Deily added the comment: New changeset 7dbb2f8eaf07c105f4d2bb0fe61763463e68372d by Miss Islington (bot) in branch '3.10': bpo-42982: update pbkdf2 example & add another link (GH-30966) (#30968) https://github.com/python/cpython/commit/7dbb2f8eaf07c105f4d2bb0fe61763463e68372d

2022-01-27 Thread miss-islington
Change by miss-islington: pull_requests: +29146 pull_request: https://github.com/python/cpython/pull/30968

2022-01-27 Thread miss-islington
miss-islington added the comment: New changeset ace0aa2a2793ba4a2b03e56c4ec375c5470edee8 by Gregory P. Smith in branch 'main': bpo-42982: update pbkdf2 example & add another link (GH-30966) https://github.com/python/cpython/commit/ace0aa2a2793ba4a2b03e56c4ec375c5470edee8

2022-01-27 Thread Gregory P. Smith
Change by Gregory P. Smith: pull_requests: +29145 pull_request: https://github.com/python/cpython/pull/30966

2022-01-27 Thread April King
April King added the comment: The code snippet still uses 10. Given that many people will simply copy-and-paste without questioning, should we update that too?

2022-01-27 Thread miss-islington
miss-islington added the comment: New changeset 1ecc98dedb7ae77c2d806a70b52dfecdac39ff5b by Miss Islington (bot) in branch '3.10': bpo-42982: Improve the text on suggested number of iterations of PBKDF2 (GH-24276)

2022-01-27 Thread Gregory P. Smith
Gregory P. Smith added the comment: I reworked the PR and went with less specific text and linking to the NIST 800-132 appendix as guidance on how people should determine what is right for them. There is no one right number. It is application specific. Thanks for everyone's valuable input!
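As an added example (not code from this thread, from CPython's documentation, or from Django), the following Python script applies the NIST SP 800-132 guidance the thread settles on: it times PBKDF2-HMAC on the machine it runs on, extrapolates an iteration count for a chosen time budget (PBKDF2 is serial, so cost grows linearly with the count), and stores that count next to the salt and hash so it can be raised later, which is what lets a framework bump its default every release the way Alex Gaynor describes for Django. The 100,000 floor, the time budget, the `pbkdf2_<hash>$iterations$salt$hash` storage format and the function names are assumptions of this example, not recommendations made on the page.

```python
import hashlib
import hmac
import os
import time

# Assumed floor for the calibrated count (example choice, not a value from
# the thread): never go below this even on a slow machine.
MIN_ITERATIONS = 100_000


def calibrate_iterations(hash_name: str = "sha256",
                         target_seconds: float = 0.25,
                         floor: int = MIN_ITERATIONS) -> int:
    """Pick an iteration count so one derivation takes about target_seconds here.

    Each PBKDF2 round is an HMAC over the previous round's output, so the
    work cannot be parallelised and scales linearly with the count. Time a
    probe count and extrapolate to the budget, then round down to a stable
    number and apply the floor.
    """
    probe = 20_000
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(hash_name, b"probe-password", salt, probe)
    elapsed = time.perf_counter() - start
    if elapsed <= 0:  # timer resolution too coarse to extrapolate
        return floor
    estimate = int(probe * target_seconds / elapsed)
    estimate -= estimate % 1_000  # round down to a multiple of 1,000
    return max(floor, estimate)


def hash_password(password: str, iterations: int,
                  hash_name: str = "sha256") -> str:
    """Derive a key with a fresh random salt and record every parameter."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    # Assumed storage format: algorithm, count, salt and hash in one string,
    # so the count can be raised for new hashes without breaking old ones.
    return f"pbkdf2_{hash_name}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    hash_name = algo.partition("_")[2]
    dk = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored: str, current_iterations: int) -> bool:
    """True when the stored count is below today's policy.

    Check this after a successful login and re-hash with the current count
    while the plaintext is available; this is how a deployment follows a
    rising recommendation without a mass reset.
    """
    return int(stored.split("$")[1]) < current_iterations


if __name__ == "__main__":
    count = calibrate_iterations()
    print(f"calibrated iteration count on this machine: {count}")
    record = hash_password("correct horse battery staple", count)
    print("stored:", record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("wrong password", record))
    print("needs rehash at 2x policy:", needs_rehash(record, 2 * count))
```

The calibration answers the question the thread keeps circling ("what is the right number?") in the only way the NIST text allows: by measuring what the deploying application can tolerate. Run it on the hardware that will actually verify logins, not on a developer laptop, and keep `needs_rehash` in the login path so the count can follow future increases.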

2022-01-27 Thread Gregory P. Smith
Gregory P. Smith added the comment: New changeset 897ce9018775bcd679fb49aa17258f8f6e818e23 by Illia Volochii in branch 'main': bpo-42982: Improve the text on suggested number of iterations of PBKDF2 (GH-24276) https://github.com/python/cpython/commit/897ce9018775bcd679fb49aa17258f8f6e818e23

2022-01-27 Thread miss-islington
Change by miss-islington: nosy: +miss-islington nosy_count: 8.0 -> 9.0 pull_requests: +29130 pull_request: https://github.com/python/cpython/pull/30951

2022-01-26 Thread Zachary Ware
Zachary Ware added the comment: Rather than suggesting an actual number, perhaps we should link to an external resource that covers how to choose the number? Or we leave it vague and say "The number of iterations should be chosen based on the hash algorithm and computing power; there is no

2022-01-25 Thread Alex Gaynor
Alex Gaynor added the comment: Sticking with 100k is not scientific though ;-) Empiricism is science! I'm probably the person responsible for Django's process, which is to increase by some % (10% or 20% IIRC) every release. As you point out, the exact value one should use is a function of

2022-01-25 Thread Christian Heimes
Christian Heimes added the comment: You are arguing from the perspective of a Django/werkzeug developer and you are using experiential domain knowledge to argue for a higher recommendation. I'm asking for a scientific answer. Based on my experience 100k PBKDF2 HMAC-SHA256 rounds is already a

2022-01-25 Thread Paul Kehrer
Paul Kehrer added the comment: NIST provides no official guidance on iteration count other than NIST SP 800-132 Appendix A.2.2, which states "The number of iterations should be set as high as can be tolerated for the environment, while maintaining acceptable performance." I can think of no

2022-01-25 Thread April King
April King added the comment: Django probably stores and computes more passwords than every other Python framework combined, and it doesn't provide you any control over the number of iterations. And it hasn't for years. If this were truly a problem, wouldn't their users be complaining about

2022-01-25 Thread Christian Heimes
Christian Heimes added the comment: My question from last year has not been answered yet. Is there any valid scientific research on the number of rounds or duration? I neither know nor do I understand how Django came up with the numbers. PyCA cryptography copied the numbers without

2022-01-24 Thread April King
April King added the comment: Django uses 390,000 iterations as of late 2021, as does the Python Cryptography project. We should be aligned with their recommendations, or at least a good deal closer than we are now. 390,000 actually makes it a conservative recommendation for key derivation,

2021-02-07 Thread Illia Volochii
Illia Volochii added the comment: Clock rate is not the only indicator. Some new instructions supporting SHA were introduced during the last decade. https://software.intel.com/content/www/us/en/develop/articles/intel-sha-extensions.html

2021-01-30 Thread Christian Heimes
Christian Heimes added the comment: PBKDF2-HMAC is a serialized algorithm. It cannot be parallelized. That means the runtime depends on single-core performance. The single-core performance of desktop and server CPUs hasn't improved much in the last decade. Modern CPUs have more cores, larger

2021-01-29 Thread Illia Volochii
Illia Volochii added the comment: > FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/ There is a history section on that page. And current 100,000 is ten times more than 1Password used in 2013 when the suggestion was added to the documentation. > Also, I don't think an

2021-01-29 Thread Raymond Hettinger
Raymond Hettinger added the comment: FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/ Also, I don't think an additional time factor of 2.5x would make substantial difference in security, but it may make a noticeable difference in user authentication time.

2021-01-21 Thread Illia Volochii
Illia Volochii added the comment: I didn't find any. I think it is based on some benchmarks like `openssl speed sha`.

2021-01-21 Thread Christian Heimes
Christian Heimes added the comment: Is there any scientific research or mathematical proof for 250,000 iterations? nosy: +christian.heimes

2021-01-20 Thread Illia Volochii
Change by Illia Volochii: keywords: +patch pull_requests: +23099 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24276

2021-01-20 Thread Illia Volochii
New submission from Illia Volochii: Documentation [1] suggests using at least 100,000 iterations of SHA-256 as of 2013. Currently, it is 2021, and it is common to use many more iterations. For example, Django will use 260,000 by default in the next 3.2 LTS release and 320,000 in 4.0 [2][3].