Fix iteration_count number typo (OWASP#100)

- Fix number typo - Add details about the non time constant algorithm that will produce different result on different hardware - Add the code example provided in the issue to test iteration count on your own hardware
jurbz2019 · May 9, 2019 · c68280f · c68280f
1 parent 90edc2c
commit c68280f
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 1 deletion.
diff --git a/assets/Password_Storage_Cheat_Sheet_Test_PBKDF2_Iterations.java b/assets/Password_Storage_Cheat_Sheet_Test_PBKDF2_Iterations.java
@@ -0,0 +1,39 @@
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import java.security.SecureRandom;
+
+// PLEASE RENAME THIS FILE TO PBKDF2ItEval.java BEFORE COMPILING.
+public class PBKDF2ItEval {
+
+    public static void main(String[] args) throws Exception {
+        //Initialization
+        SecureRandom rnd = new SecureRandom();
+        byte[] salt = new byte[64];
+        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
+        char[] password = "mypassword".toCharArray();
+        //Test for 10.000 iterations
+        rnd.nextBytes(salt);
+        PBEKeySpec spec = new PBEKeySpec(password, salt, 10000, 256);
+        long start = System.currentTimeMillis();
+        skf.generateSecret(spec);
+        System.out.printf("Computation time is %s milliseconds for 10.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
+        //Test for 100.000 iterations
+        rnd.nextBytes(salt);
+        spec = new PBEKeySpec(password, salt, 100000, 256);
+        start = System.currentTimeMillis();
+        skf.generateSecret(spec);
+        System.out.printf("Computation time is %s milliseconds for 100.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
+        //Test for 500.000 iterations
+        rnd.nextBytes(salt);
+        spec = new PBEKeySpec(password, salt, 500000, 256);
+        start = System.currentTimeMillis();
+        skf.generateSecret(spec);
+        System.out.printf("Computation time is %s milliseconds for 500.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
+        //Test for 1.000.000 iterations
+        rnd.nextBytes(salt);
+        spec = new PBEKeySpec(password, salt, 1000000, 256);
+        start = System.currentTimeMillis();
+        skf.generateSecret(spec);
+        System.out.printf("Computation time is %s milliseconds for 1.000.000 iterations with a key size of 256 bits\n", (System.currentTimeMillis() - start));
+    }
+}
diff --git a/cheatsheets/Password_Storage_Cheat_Sheet.md b/cheatsheets/Password_Storage_Cheat_Sheet.md
@@ -62,7 +62,8 @@ Example `protect()` pseudo-code follows:
 return [salt] + pbkdf2([salt], [credential], c=[iteration_count]);
 ```
 
-In the example above, as PBKDF2 computation time depend on the target system, **iteration_count** must have a number implying that the computation time on the target system must take at least 1 second (like 1000.000 for example).
+In the example above, as PBKDF2 computation time depend on the target system, **iteration_count** must have a number implying that the computation time on the target system must take at least 1 second.  
+500.000 is a good example, but please note that, as PBKDF2 is **not** time constant, this configuration is highly dependant on the target machine and you should probably [test the appropriate number for your specific situation](../assets/Password_Storage_Cheat_Sheet_Test_PBKDF2_Iterations.java). 
 
 Designers select one-way adaptive functions to implement `protect()` because these functions can be configured to cost (linearly or exponentially) more than a hash function to execute. Defenders adjust work factor to keep pace with threats’ increasing hardware capabilities. Those implementing adaptive one-way functions must tune work factors so as to impede attackers while providing acceptable user experience and scale.