Project

General

Profile

Actions

Improvements #13041

closed

Change bcrypt iterations according to ASVS standards

Added by Matthias Van Ceulebroeck 3 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Target version:
Start date:
09/13/2024
Due date:
% Done:

100%

Estimated time:

Description

The ASVS indicates that a minimum of 10 iterations ought to be used.
This is the absolutely minimum currently, and we should probably already ensure we use more iterations than this.

The BCryptTest can be extended, such that it loops over a number of iterations (say [5,15]). We can take a sweet spot as the new default there (as indicated with a minimum of 10).

Actions #1

Updated by Romain Mardulyn 3 months ago

  • Status changed from New to InProgress
Actions #2

Updated by Romain Mardulyn 3 months ago

  • Status changed from InProgress to Review
Actions #3

Updated by Romain Mardulyn 3 months ago

  • Assignee deleted (Romain Mardulyn)
Actions #4

Updated by Matthias Van Ceulebroeck about 2 months ago

  • Target version changed from 4.11.2 to 4.11.1
Actions #5

Updated by Matthias Van Ceulebroeck about 1 month ago

  • Status changed from Review to Implemented @Emweb
  • Assignee set to Romain Mardulyn
  • % Done changed from 0 to 100
Actions #6

Updated by Matthias Van Ceulebroeck about 1 month ago

  • Status changed from Implemented @Emweb to Implemented @Test
Actions #7

Updated by Matthias Van Ceulebroeck about 1 month ago

  • Status changed from Implemented @Test to Closed
Actions

Also available in: Atom PDF