16 lines
564 B
Plaintext
16 lines
564 B
Plaintext
==== Select the correct PBKDF2 parameters
|
|
|
|
If PBKDF2 must be used, be aware that default values might not be considered
|
|
secure. +
|
|
Depending on the algorithm used, the number of iterations should be adjusted to
|
|
ensure that the derived key is secure. The following are the recommended number
|
|
of iterations for PBKDF2:
|
|
|
|
* PBKDF2-HMAC-SHA1: 1,300,000 iterations
|
|
* PBKDF2-HMAC-SHA256: 600,000 iterations
|
|
* PBKDF2-HMAC-SHA512: 210,000 iterations
|
|
|
|
Note that PBKDF2-HMAC-SHA256 is recommended by NIST. +
|
|
Iterations are also called "rounds" depending on the library used.
|
|
|