Actions
Improvements #13041
openChange bcrypt iterations according to ASVS standards
Start date:
09/13/2024
Due date:
% Done:
0%
Estimated time:
Description
The ASVS indicates that a minimum of 10 iterations ought to be used.
This is the absolutely minimum currently, and we should probably already ensure we use more iterations than this.
The BCryptTest can be extended, such that it loops over a number of iterations (say [5,15]). We can take a sweet spot as the new default there (as indicated with a minimum of 10).
Actions