
* Adding an exception section covering key derivation use cases.
* Updating recommended salt length to 256 bits as recommended by NIST
* Improve title to make it explicit we don't target KDF
* Altered some small points

---------

Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com>
=== Exceptions

To securely store password hashes, it is recommended to rely on
key derivation functions that are computationally intensive. Examples of such
functions are:

* Argon2
* PBKDF2
* Scrypt
* Bcrypt

When they are used for password storage, using a secure, random salt is
required.

However, those functions can also be used for other purposes such as master key
derivation or password-based pre-shared key generation. In those cases, the
implemented cryptographic protocol might require using a fixed salt to derive
keys in a deterministic way. In such cases, using a fixed salt is safe and
accepted.
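The two uses the section distinguishes, shown with PBKDF2 from Python's standard library. This is an added example, not part of the rule text or the repository; the iteration count and the `PROTOCOL_SALT` constant are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# PBKDF2-HMAC-SHA256 parameters shared by both scenarios below.
# The iteration count is an example choice; tune it to your deployment.
ITERATIONS = 600_000
KEY_LEN = 32  # bytes


# Scenario 1: password storage. Each password gets its own random 256-bit
# salt, which is stored next to the hash so the password can be verified later.
def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    if salt is None:
        salt = os.urandom(32)  # fresh 256-bit random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, KEY_LEN)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    # Recompute with the stored salt and compare in constant time.
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


# Scenario 2: the exception. A protocol needs every party to derive the same
# key from a shared secret, so the salt is a fixed, protocol-defined constant.
# The constant below is constructed for this example, not a real protocol value.
PROTOCOL_SALT = b"example-protocol-v1/master-key"


def derive_master_key(shared_secret: str) -> bytes:
    # Deterministic: identical input always yields the identical key.
    return hashlib.pbkdf2_hmac("sha256", shared_secret.encode(), PROTOCOL_SALT, ITERATIONS, KEY_LEN)
```

Reusing `PROTOCOL_SALT` for password storage would make two users with the same password produce the same digest, which is exactly why the random salt is required in scenario 1.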