This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author april
Recipients april, christian.heimes, docs@python, illia-v, rhettinger
Date 2022-01-24.22:42:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1643064124.02.0.347614010569.issue42982@roundup.psfhosted.org>
In-reply-to
Content
Django uses 390,000 iterations as of late 2021, as does the Python Cryptography project. We should be aligned with their recommendations, or at least a good deal closer than we are now.

390,000 actually makes it a conservative recommendation for key derivation, as that number of rounds takes ~133ms to compute on my M1 versus 36ms. Usually you're shooting for ~250ms.

Being off by ~50% is probably okay, being off by this much is considerably worse.

Anyways, I'd be happy to make such a PR if folks are amenable to it.
History
Date User Action Args
2022-01-24 22:42:04aprilsetrecipients: + april, rhettinger, christian.heimes, docs@python, illia-v
2022-01-24 22:42:04aprilsetmessageid: <1643064124.02.0.347614010569.issue42982@roundup.psfhosted.org>
2022-01-24 22:42:04aprillinkissue42982 messages
2022-01-24 22:42:03aprilcreate