[issue42982] Update suggested number of iterations for pbkdf2_hmac()
New submission from Illia Volochii <illia.volochii@gmail.com>: Documentation [1] suggests using at least 100,000 iterations of SHA-256 as of 2013. Currently, it is 2021, and it is common to use much more iterations. For example, Django will use 260,000 by default in the next 3.2 LTS release and 320,000 in 4.0 [2][3]. I suggest suggesting at least 250,000 iterations that is a somewhat round number close to the one used by modern libraries. [1] https://docs.python.org/3/library/hashlib.html#hashlib.pbkdf2_hmac [2] https://github.com/django/django/commit/f2187a227f7a3c80282658e699ae9b040237... [3] https://github.com/django/django/commit/a948d9df394aafded78d72b1daa785a0abfe... ---------- assignee: docs@python components: Documentation messages: 385365 nosy: docs@python, illia-v priority: normal severity: normal status: open title: Update suggested number of iterations for pbkdf2_hmac() _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Change by Illia Volochii <illia.volochii@gmail.com>: ---------- keywords: +patch pull_requests: +23099 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24276 _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Christian Heimes <lists@cheimes.de> added the comment: Is there any scientific research or mathematical proof for 250,000 iteration? ---------- nosy: +christian.heimes _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Illia Volochii <illia.volochii@gmail.com> added the comment: I didn't find any. I think it is based on some benchmarks like `openssl speed sha`. ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Raymond Hettinger <raymond.hettinger@gmail.com> added the comment: FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/ Also, I don't think an additional time factor of 2.5x would make substantial difference in security, but it may make a noticeable difference in user authentication time. ---------- nosy: +rhettinger _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Illia Volochii <illia.volochii@gmail.com> added the comment:
FWIW, OnePass uses 100,000. https://support.1password.com/pbkdf2/
There is a history section on that page. And current 100,000 is ten times more than 1Password used in 2013 when the suggestion was added to the documentation.
Also, I don't think an additional time factor of 2.5x would make substantial difference in security, but it may make a noticeable difference in user authentication time.
2.5x difference can be substantial if x is hours, days, or years :) ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Christian Heimes <lists@cheimes.de> added the comment: PBKDF2-HMAC is a serialized algorithm. It cannot be parallized. That means the runtime depends on single core-performance. The single core-performance of desktop and server CPUs hasn't improved much in the last decade. Modern CPUs have more cores, larger caches, and better IPC. Intel Nehalem architecture from 2009 had up to 3.33 GHz. Fast 2020 Comet Lake CPUs have up to 3.7 GHz base frequence and about 5GHz turbo. ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
Illia Volochii <illia.volochii@gmail.com> added the comment: Clock rate is not the only indicator. Some new instructions supporting SHA were introduced during the last decade. https://software.intel.com/content/www/us/en/develop/articles/intel-sha-exte... https://software.intel.com/content/www/us/en/develop/articles/improving-open... https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/sh... ---------- _______________________________________ Python tracker <report@bugs.python.org> <https://bugs.python.org/issue42982> _______________________________________
participants (3)
-
Christian Heimes
-
Illia Volochii
-
Raymond Hettinger