Created on 2021-01-20 20:06 by illia-v, last changed 2021-02-07 20:32 by illia-v.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 24276 | open | illia-v, 2021-01-20 20:16 | |
| Messages (7) | |||
|---|---|---|---|
| msg385365 - (view) | Author: Illia Volochii (illia-v) * | Date: 2021-01-20 20:06 | |
Documentation [1] suggests using at least 100,000 iterations of SHA-256 as of 2013. Currently, it is 2021, and it is common to use much more iterations. For example, Django will use 260,000 by default in the next 3.2 LTS release and 320,000 in 4.0 [2][3]. I suggest suggesting at least 250,000 iterations that is a somewhat round number close to the one used by modern libraries. [1] https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac [2] https://github.com/django/django/commit/f2187a227f7a3c80282658e699ae9b04023724e5 [3] https://github.com/django/django/commit/a948d9df394aafded78d72b1daa785a0abfeab48 |
|||
| msg385442 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2021-01-21 19:14 | |
Is there any scientific research or mathematical proof for 250,000 iteration? |
|||
| msg385455 - (view) | Author: Illia Volochii (illia-v) * | Date: 2021-01-21 22:39 | |
I didn't find any. I think it is based on some benchmarks like `openssl speed sha`. |
|||
| msg385939 - (view) | Author: Raymond Hettinger (rhettinger) * |
Date: 2021-01-29 20:59 | |
FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/ Also, I don't think an additional time factor of 2.5x would make substantial difference in security, but it may make a noticeable difference in user authentication time. |
|||
| msg385944 - (view) | Author: Illia Volochii (illia-v) * | Date: 2021-01-29 21:40 | |
> FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/ There is a history section on that page. And current 100,000 is ten times more than 1Password used in 2013 when the suggestion was added to the documentation. > Also, I don't think an additional time factor of 2.5x would make substantial difference in security, but it may make a noticeable difference in user authentication time. 2.5x difference can be substantial if x is hours, days, or years :) |
|||
| msg385992 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2021-01-30 18:30 | |
PBKDF2-HMAC is a serialized algorithm. It cannot be parallized. That means the runtime depends on single core-performance. The single core-performance of desktop and server CPUs hasn't improved much in the last decade. Modern CPUs have more cores, larger caches, and better IPC. Intel Nehalem architecture from 2009 had up to 3.33 GHz. Fast 2020 Comet Lake CPUs have up to 3.7 GHz base frequence and about 5GHz turbo. |
|||
| msg386605 - (view) | Author: Illia Volochii (illia-v) * | Date: 2021-02-07 20:32 | |
Clock rate is not the only indicator. Some new instructions supporting SHA were introduced during the last decade. https://software.intel.com/content/www/us/en/develop/articles/intel-sha-extensions.html https://software.intel.com/content/www/us/en/develop/articles/improving-openssl-performance.html https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/sha-256-implementations-paper.pdf |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2021-02-07 20:32:14 | illia-v | set | messages: + msg386605 |
| 2021-01-30 18:30:14 | christian.heimes | set | messages: + msg385992 |
| 2021-01-29 21:40:15 | illia-v | set | messages: + msg385944 |
| 2021-01-29 20:59:48 | rhettinger | set | nosy:
+ rhettinger messages: + msg385939 |
| 2021-01-21 22:39:09 | illia-v | set | messages: + msg385455 |
| 2021-01-21 19:14:30 | christian.heimes | set | nosy:
+ christian.heimes messages: + msg385442 |
| 2021-01-20 20:16:38 | illia-v | set | keywords:
+ patch stage: patch review pull_requests: + pull_request23099 |
| 2021-01-20 20:06:39 | illia-v | create | |