rspec/rules/S5344/csharp/message.adoc
Gregory Paidis 933189cd8e
Minor cleanup/refactoring on S5344 for C# and Python (#3936)
* Fix S5344 numbers 100 000 -> 100,000

* Refactor the message for SCrypt.Generate on C#

* Review 1

* Review 1
2024-05-16 14:03:24 +00:00


=== Message

==== .NET Core

For `Microsoft.AspNetCore.Identity`:

When `PasswordHasherOptions.IterationCount` is < 100,000:

> Use at least 100,000 iterations here.

When `PasswordHasherOptions.CompatibilityMode` is set to `PasswordHasherCompatibilityMode.IdentityV2`:

> Identity V2 uses only 1,000 iterations. Consider changing to Identity V3.

For `Microsoft.AspNetCore.Cryptography.KeyDerivation`:

When `KeyDerivation.Pbkdf2` is called with `iterationCount` < 100,000:

> Use at least 100,000 iterations here.

For `System.Security.Cryptography`:

When `Rfc2898DeriveBytes` is instantiated with an `iterations` parameter < 100,000, or when `Rfc2898DeriveBytes.Pbkdf2` is called with an `iterations` parameter < 100,000:

> Use at least 100,000 iterations here.

When `Rfc2898DeriveBytes` is instantiated without a `hashAlgorithm` parameter:

> Use at least 100,000 iterations and a state-of-the-art digest algorithm here.
==== .NET Framework

For `Microsoft.AspNet.Identity`:

When a `PasswordHasher` is instantiated:

> PasswordHasher does not support state-of-the-art parameters. Use Rfc2898DeriveBytes instead.

When `Rfc2898DeriveBytes` is instantiated with an `iterations` parameter < 100,000:

> Use at least 100,000 iterations here.

When `Rfc2898DeriveBytes` is instantiated without a `hashAlgorithm` parameter:

> Use at least 100,000 iterations and a state-of-the-art digest algorithm here.
==== BouncyCastle

For `Org.BouncyCastle.Crypto.Generators.OpenBsdBCrypt` or `Org.BouncyCastle.Crypto.Generators.BCrypt`:

When `Generate` is called with `cost` < 12:

> Use a cost factor of at least 12 here.

For `Org.BouncyCastle.Crypto.PbeParametersGenerator`:

When `Init` is called with `iterationCount` < 100,000:

> Use at least 100,000 iterations here.

For `Org.BouncyCastle.Crypto.Generators.SCrypt`:

* When `Generate` is called with `N` < 2^12:
+
> Use a cost factor of at least 2^12 for N here.

* When `Generate` is called with `r` < 8:
+
> Use a memory factor of at least 8 for r here.

* When `Generate` is called with `dkLen` < 32:
+
> Use an output length of at least 32 for dkLen here.
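The call shapes these messages refer to, shown as an added C# example (not part of the rspec repository or the analyzer) with the weak setting the rule reports beside the parameters the messages ask for. It assumes .NET 6 or later for the static `Rfc2898DeriveBytes.Pbkdf2` overload and the BouncyCastle NuGet package for `SCrypt` and `OpenBsdBCrypt`.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Identity;
using Org.BouncyCastle.Crypto.Generators;

// Constructed example: each "Weak" method matches a condition S5344 reports,
// each "Strong" method uses the minimum the corresponding message names.
static class PasswordHashingExamples
{
    // Threshold used by the .NET Core / .NET Framework messages above.
    const int MinIterations = 100_000;

    // Reported: iterations < 100,000 and no hashAlgorithm argument,
    // so the constructor falls back to its legacy SHA-1 default.
    static byte[] WeakPbkdf2(string password, byte[] salt)
    {
        using var kdf = new Rfc2898DeriveBytes(password, salt, 1000);
        return kdf.GetBytes(32);
    }

    // Compliant: explicit digest, at least 100,000 iterations, 32-byte output.
    static byte[] StrongPbkdf2(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, MinIterations, HashAlgorithmName.SHA256, 32);

    // ASP.NET Core Identity: stay on the V3 format and raise IterationCount
    // (IdentityV2 is fixed at 1,000 iterations, which the rule reports).
    static PasswordHasherOptions IdentityOptions() => new PasswordHasherOptions
    {
        CompatibilityMode = PasswordHasherCompatibilityMode.IdentityV3,
        IterationCount = MinIterations,
    };

    // BouncyCastle scrypt: N = 2^12, r = 8, p = 1, dkLen = 32 are the
    // minimums the SCrypt messages name; p is not checked by the rule.
    static byte[] StrongScrypt(byte[] password, byte[] salt) =>
        SCrypt.Generate(password, salt, 1 << 12, 8, 1, 32);

    // BouncyCastle bcrypt: cost factor of at least 12 (salt must be 16 bytes).
    static string StrongBcrypt(char[] password, byte[] salt16) =>
        OpenBsdBCrypt.Generate(password, salt16, 12);

    // Fresh per-password salt; the rule does not check this, but every
    // KDF above expects one.
    static byte[] NewSalt(int length = 16) => RandomNumberGenerator.GetBytes(length);
}
```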