Message411524
Django uses 390,000 iterations as of late 2021, as does the Python Cryptography project. We should be aligned with their recommendations, or at least a good deal closer than we are now.
390,000 actually makes it a conservative recommendation for key derivation, as that number of rounds takes ~133ms to compute on my M1 versus 36ms. Usually you're shooting for ~250ms.
Being off by ~50% is probably okay, being off by this much is considerably worse.
Anyways, I'd be happy to make such a PR if folks are amenable to it. |
|
Date |
User |
Action |
Args |
2022-01-24 22:42:04 | april | set | recipients:
+ april, rhettinger, christian.heimes, docs@python, illia-v |
2022-01-24 22:42:04 | april | set | messageid: <1643064124.02.0.347614010569.issue42982@roundup.psfhosted.org> |
2022-01-24 22:42:04 | april | link | issue42982 messages |
2022-01-24 22:42:03 | april | create | |
|