rspec/rules/S5344/common/fix/bcrypt-parameters.adoc

==== Select the correct Bcrypt parameters

When bcrypt's hashing function is used, it is important to select a round count
that is high enough to make the function slow enough to prevent brute force:
More than 12 rounds.

For bcrypt's key derivation function, the number of rounds should likewise be
high enough to make the function slow enough to prevent brute force: More than
4096 rounds `+(2**12)+`. +
This number is not the same coefficient as the first one because it uses
a different algorithm.
Create rule S5344(python): Passwords should not be stored in plain-text or with a fast hashing algorithm (#3715) 2024-03-18 17:37:51 +01:00			`==== Select the correct Bcrypt parameters`

			`When bcrypt's hashing function is used, it is important to select a round count`
			`that is high enough to make the function slow enough to prevent brute force:`
			`More than 12 rounds.`

			`For bcrypt's key derivation function, the number of rounds should likewise be`
			`high enough to make the function slow enough to prevent brute force: More than`
			4096 rounds `+(2**12)+`. +
			`This number is not the same coefficient as the first one because it uses`
			`a different algorithm.`