Improvements #13041: Change bcrypt iterations according to ASVS standards - Wt - Redmine

Actions

Improvements #13041

closed

Change bcrypt iterations according to ASVS standards

Added by Matthias Van Ceulebroeck 2 months ago. Updated 16 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Romain Mardulyn

Target version:

Start date:

09/13/2024

Due date:

% Done:

100%

Estimated time:

Description

The ASVS indicates that a minimum of 10 iterations ought to be used.
This is the absolutely minimum currently, and we should probably already ensure we use more iterations than this.

The BCryptTest can be extended, such that it loops over a number of iterations (say [5,15]). We can take a sweet spot as the new default there (as indicated with a minimum of 10).

Actions

#1

Updated by Romain Mardulyn 2 months ago

Status changed from New to InProgress

Actions

#2

Updated by Romain Mardulyn 2 months ago

Status changed from InProgress to Review

Actions

#3

Updated by Romain Mardulyn 2 months ago

Assignee deleted (~~Romain Mardulyn~~)

Actions

#4

Updated by Matthias Van Ceulebroeck 28 days ago

Target version changed from 4.11.2 to 4.11.1

Actions

#5

Updated by Matthias Van Ceulebroeck 17 days ago

Status changed from Review to Implemented @Emweb
Assignee set to Romain Mardulyn
% Done changed from 0 to 100

Actions

#6

Updated by Matthias Van Ceulebroeck 16 days ago

Status changed from Implemented @Emweb to Implemented @Test

Actions

#7

Updated by Matthias Van Ceulebroeck 16 days ago

Status changed from Implemented @Test to Closed

Actions

Also available in: Atom PDF