Project

General

Profile

Actions
Copy link

Improvements #13041

open

Change bcrypt iterations according to ASVS standards

Added by Matthias Van Ceulebroeck 6 days ago. Updated 5 days ago.

Status:
Review
Priority:
Normal
Assignee:
-
Target version:
4.11.2
Start date:
09/13/2024
Due date:
% Done:

0%

Estimated time:

Description

The ASVS indicates that a minimum of 10 iterations ought to be used.
This is the absolutely minimum currently, and we should probably already ensure we use more iterations than this.

The BCryptTest can be extended, such that it loops over a number of iterations (say [5,15]). We can take a sweet spot as the new default there (as indicated with a minimum of 10).

Actions
Copy link
 #1

Updated by Romain Mardulyn 5 days ago

  • Status changed from New to InProgress
Actions
Copy link
 #2

Updated by Romain Mardulyn 5 days ago

  • Status changed from InProgress to Review
Actions
Copy link
 #3

Updated by Romain Mardulyn 5 days ago

  • Assignee deleted (Romain Mardulyn)
Actions
Copy link

Also available in: Atom PDF