rspec/rules/S5344/csharp/message.adoc

=== Message

==== .NET Core

For `Microsoft.AspNetCore.Identity`:
When  `PasswordHasherOptions.IterationCount` is < 10 000:

> Use at least 10 000 iterations here. 

When `PasswordHasherOptions.CompatibilityMode` is set to `PasswordHasherCompatibilityMode.IdentityV2`:

> Identity v2 uses only 1000 iterations. Considers changing to identity V3


For `Microsoft.AspNetCore.Cryptography.KeyDerivation`:
When `KeyDerivation.Pbkdf2` is called with `iterationCount` < 10 000:

> Use at least 10 000 iterations here. 

For `System.Security.Cryptography`:

When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 10 000.
When Rfc2898DeriveBytes.Pbkdf2 is called with an `iterations` parameter < 10 000.

> Use at least 10 000 iterations here. 

When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter.

> Use at least 10 000 iterations and a state-of-the-art digest algorithm here. 

=== .NET framework

For `Microsoft.AspNet.Identity`:
When a `PasswordHasher` is instantiated.

> PasswordHasher does not support state of the art parameter. Use Rfc2898DeriveBytes instead.

When Rfc2898DeriveBytes is instantiated with an `iterations` parameter < 10 000.

> Use at least 10 000 iterations here. 

When Rfc2898DeriveBytes is instantiated without a `hashAlgorithm` parameter.

> Use at least 10 000 iterations and a state-of-the-art digest algorithm here. 

=== BouncyCastle

For `Org.BouncyCastle.Crypto.Generators.OpenBsdBCrypt`, or `Org.BouncyCastle.Crypto.Generators.BCrypt`:
When `Generate` is called with cost < 12:

> Use a cost factor of at least 12 here

For `Org.BouncyCastle.Crypto.PbeParametersGenerator`:
When `Init` is called with `iterationCount` < 10 000:

> Use at least 10 000 iterations here. 

For `Org.BouncyCastle.Crypto.Generators.BCrypt`:
When `Generate` is called with N < 2^12, or r < 8:

> Use a cost factor of at least 12 and a memory factor of at least 8 here.