author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2022-01-27 09:01:30 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-27 09:01:30 (GMT) |
commit | 1ecc98dedb7ae77c2d806a70b52dfecdac39ff5b (patch) | |
tree | d307a613c31ed5d8b62df3c111a60f39f9d0b93a /Doc/library/hashlib.rst | |
parent | b3cf525bd1c57a1d3f28fcb90bce364f0bcb2b7d (diff) | |
bpo-42982: Improve the text on suggested number of iterations of PBKDF2 (GH-24276)
Less specific number wording (as there is no one right number - the old 100k is too big for some applications and woefully small for others). We now link to NIST SP 800-132 to tell people what to read in there on how to decide for their application.
Co-authored-by: Gregory P. Smith <greg@krypto.org> [Google]
(cherry picked from commit 897ce9018775bcd679fb49aa17258f8f6e818e23)
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Diffstat (limited to 'Doc/library/hashlib.rst')
-rw-r--r-- | Doc/library/hashlib.rst | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index 53320d9..269e8a8 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -249,8 +249,9 @@ include a `salt <https://en.wikipedia.org/wiki/Salt_%28cryptography%29>`_. a proper source, e.g. :func:`os.urandom`. The number of *iterations* should be chosen based on the hash algorithm and - computing power. As of 2013, at least 100,000 iterations of SHA-256 are - suggested. + computing power. As of 2022, hundreds of thousands of iterations of SHA-256 + are suggested. For rationale as to why and how to choose what is best for + your application, read *Appendix A.2.2* of NIST-SP-800-132_. *dklen* is the length of the derived key. If *dklen* is ``None`` then the digest size of the hash algorithm *hash_name* is used, e.g. 64 for SHA-512. @@ -731,6 +732,7 @@ Domain Dedication 1.0 Universal: .. _SHA-3: https://en.wikipedia.org/wiki/NIST_hash_function_competition .. _ChaCha: https://cr.yp.to/chacha.html .. _pyblake2: https://pythonhosted.org/pyblake2/ +.. _NIST-SP-800-132: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf @@ -754,3 +756,6 @@ Domain Dedication 1.0 Universal: https://www.ietf.org/rfc/rfc8018.txt PKCS #5: Password-Based Cryptography Specification Version 2.1 + + https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf + NIST Recommendation for Password-Based Key Derivation. |
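Review bot: In the first hunk (the *iterations* paragraph near line 249), "hundreds of thousands of iterations of SHA-256" gives readers no lower bound and keeps the advice pinned to a year, so "As of 2022" will go stale the same way "As of 2013" did. The commit message says there is no one right number; the text could say that directly, state that the count depends on the application, and then point to Appendix A.2.2 of NIST-SP-800-132_ for how to choose it. The sentence "For rationale as to why and how to choose what is best for your application" is also wordy and could be shortened to "For how to choose a value for your application".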
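Review bot: In the last hunk (the See also list near line 754), the new entry repeats the full PDF URL that the second hunk already defines as the NIST-SP-800-132_ link target, so the same URL now has to be kept in sync in two places. The description line "NIST Recommendation for Password-Based Key Derivation." also omits the "SP 800-132" designation that the body text uses, which makes it harder for a reader to match the reference to the citation; consider including it in the description.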