kobezzza, 2013-08-21 18:39:02
Node.js

Optimal parameters for pbkdf2

I use pbkdf2 to hash user passwords on the site, but I do not quite understand what the optimal input parameters for this function should be: currently I have set 1,000 iterations and a key length of 512. Is this normal or not?

Source code for generating the hash together with the salt (node.js):

const crypto = require('crypto');

// Derive a password hash with a fresh random salt; result is passed to callback(err, {password, salt}).
function hashPassword(password, callback) {
  // 32-byte random salt
  crypto.randomBytes(32, (err, buf) => {
    if (err) {
      return callback(err, null);
    }

    // 1000 iterations, 512-byte derived key. Current Node.js requires the digest
    // argument; 'sha1' matches the default of the Node version in use at the time.
    crypto.pbkdf2(password, buf, 1e3, 512, 'sha1', (err, encodedPassword) => {
      if (err) {
        return callback(err, null);
      }

      callback(null, {password: encodedPassword, salt: buf});
    });
  });
}


Thanks in advance!

1 answer(s)
@ntkt, 2013-08-22
@kobezzza

Optimal by what criterion? :)
First, try to understand who we are protecting ourselves from and what we are ready to sacrifice.
If you need specific recommendations, then open, for example, NIST SP800-132 "Recommendation for Password-Based Key Derivation", chapter "A2. PBKDF":
csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
Or you can read the same things here, for example: www.ietf.org/rfc/rfc2898.txt


Do you have 32 bytes of salt? Then everything is fine. The speed of calculation inside the system does not depend much on the length of the salt, but it will be much worse for the attacker than if the salt were, say, 32 bits.

Looking further: the number of iterations in PBKDF, roughly speaking, linearly increases the complexity of the attack.
Therefore, we run a benchmark and set as many iterations as we can afford. 1000 was recommended for a long time (2000); nowadays people use more: 10000 and so on.
