SimpleCrypto.net

Default salt size and iterations

Open haythem opened this issue 10 years ago • 4 comments

First of all I want to thank you for this great and clear implementation. I wanted you just to know that there is no point in having large salts. A 16-byte salt is sufficient. Also 100000 is good if you're using it locally, on a server it will cost a lot. From what I read, in a production environment, you should use 20000 iterations.

haythem avatar Apr 09 '14 12:04 haythem

Awesome, thanks for the information. I'll push an update soon with the changes reflecting this suggestion.

shawnmclean avatar May 05 '14 19:05 shawnmclean

The hashing number changes over time. 100k is the recommended 2016 number.

Terebi42 avatar Jun 01 '16 20:06 Terebi42

Hi @Terebi42, it seems the default Hash Iteration was already 100k. https://github.com/shawnmclean/SimpleCrypto.net/blob/master/src/PBKDF2.cs#L23

shawnmclean avatar Jun 01 '16 22:06 shawnmclean

This comment was meant in reply to the OP by @Haythem which was recommending a decrease to 20k. That advice may have been correct in 2014, but is not now, so I was merely making sure you didn't change away from your good current value.

Terebi42 avatar Jun 01 '16 22:06 Terebi42
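
The thread shows the recommended iteration count moving over time (20k suggested in 2014, 100k in 2016). One way to handle that, as an added example that is not SimpleCrypto.net's code or part of the original thread: store the count with each hash and flag older records for rehashing after a successful login. It uses .NET's built-in `Rfc2898DeriveBytes.Pbkdf2` (.NET 6 or later); the `PasswordRecord` class, the record format and the choice of HMAC-SHA256 are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;

// Added example (hypothetical helper, not SimpleCrypto.net's API).
static class PasswordRecord
{
    const int SaltBytes = 16;                      // salt size suggested in the thread
    const int HashBytes = 32;                      // assumption: full SHA-256 output
    public const int CurrentIterations = 100_000;  // current policy value from the thread

    // Assumed record format: iterations.base64(salt).base64(hash)
    public static string Create(string password, int iterations = CurrentIterations)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Verifies with the count stored in the record, not the current default,
    // so raising CurrentIterations never locks out existing users.
    public static bool Verify(string password, string record, out bool needsRehash)
    {
        needsRehash = false;
        string[] parts = record.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        byte[] salt, expected;
        try { salt = Convert.FromBase64String(parts[1]); expected = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }
        // Reject truncated records: an empty hash would otherwise match any password.
        if (salt.Length < SaltBytes || expected.Length != HashBytes) return false;
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, iterations, HashAlgorithmName.SHA256, HashBytes);
        bool ok = CryptographicOperations.FixedTimeEquals(actual, expected);
        needsRehash = ok && iterations < CurrentIterations;
        return ok;
    }
}

static class Program
{
    static void Main()
    {
        const string pw = "constructed-sample-password";     // constructed sample input
        string record = PasswordRecord.Create(pw, 20_000);   // record made under the older count
        bool ok = PasswordRecord.Verify(pw, record, out bool rehash);
        if (ok && rehash) record = PasswordRecord.Create(pw); // upgrade while the password is in hand
        Console.WriteLine($"ok={ok} rehash={rehash} stored iterations={record.Split('.')[0]}");
    }
}
```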