Content deleted Content added
→History: more care Tags: Reverted Mobile edit Mobile web edit |
m Reverted edit by 176.29.2.97 (talk) to last version by Bugghost |
||
Line 15:
Modern password-based key derivation functions, such as [[PBKDF2]] (specified in RFC 2898), are based on a recognized cryptographic hash, such as [[SHA-2]], use more salt (at least 64 bits and chosen randomly) and a high iteration count. NIST recommends a minimum iteration count of 10,000.<ref name=sp800-63B>{{cite book | title = SP 800-63B-3 – Digital Identity Guidelines, Authentication and Lifecycle Management | publisher = NIST | date = June 2017 | doi=10.6028/NIST.SP.800-63b | author=Grassi Paul A.}}</ref>{{rp|5.1.1.2}}
"For especially critical keys, or for very powerful systems or systems where user-perceived performance is not critical, an iteration count of 10,000,000 may be appropriate.”
<ref name=sp800-132>{{cite book |url=http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf| title = SP 800-132 – Recommendation for Password-Based Key Derivation, Part 1: Storage Applications | publisher = NIST | date = December 2010 | doi=10.6028/NIST.SP.800-132 | author=Meltem Sönmez Turan, Elaine Barker, William Burr, and Lily Chen| s2cid = 56801929 }}</ref>{{rp|5.2}}
== Key derivation ==
| |||