From 897ce9018775bcd679fb49aa17258f8f6e818e23 Mon Sep 17 00:00:00 2001 From: Illia Volochii Date: Thu, 27 Jan 2022 10:39:09 +0200 Subject: bpo-42982: Improve the text on suggested number of iterations of PBKDF2 (GH-24276) Less specific number wording (as there is no one right number - the old 100k is too big for some applications and woefully small for others). We now link to NIST SP 800-132 to tell people what to read in there on how to decide for their application. Co-authored-by: Gregory P. Smith [Google] --- Doc/library/hashlib.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst index 53320d9..269e8a8 100644 --- a/Doc/library/hashlib.rst +++ b/Doc/library/hashlib.rst @@ -249,8 +249,9 @@ include a `salt `_. a proper source, e.g. :func:`os.urandom`. The number of *iterations* should be chosen based on the hash algorithm and - computing power. As of 2013, at least 100,000 iterations of SHA-256 are - suggested. + computing power. As of 2022, hundreds of thousands of iterations of SHA-256 + are suggested. For rationale as to why and how to choose what is best for + your application, read *Appendix A.2.2* of NIST-SP-800-132_. *dklen* is the length of the derived key. If *dklen* is ``None`` then the digest size of the hash algorithm *hash_name* is used, e.g. 64 for SHA-512. @@ -731,6 +732,7 @@ Domain Dedication 1.0 Universal: .. _SHA-3: https://en.wikipedia.org/wiki/NIST_hash_function_competition .. _ChaCha: https://cr.yp.to/chacha.html .. _pyblake2: https://pythonhosted.org/pyblake2/ +.. _NIST-SP-800-132: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf @@ -754,3 +756,6 @@ Domain Dedication 1.0 Universal: https://www.ietf.org/rfc/rfc8018.txt PKCS #5: Password-Based Cryptography Specification Version 2.1 + + https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf + NIST Recommendation for Password-Based Key Derivation. -- cgit v0.12