Merge pull request #50 from danielberkompas/sha256-security

🔒 Use 600,000 iterations in PBKDF2 SHA256
danielberkompas · Apr 6, 2024 · 350d43f · 350d43f
2 parents 43fa129 + a450aca
commit 350d43f
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/lib/cloak_ecto/types/pbkdf2.ex b/lib/cloak_ecto/types/pbkdf2.ex
@@ -44,7 +44,7 @@ if Code.ensure_loaded?(:pbkdf2) do
 
         config :my_app, MyApp.Hashed.PBKDF2,
           algorithm: :sha256,
-          iterations: 10_000,
+          iterations: 600_000,
           secret: "secret",
           size: 64
 
@@ -57,7 +57,7 @@ if Code.ensure_loaded?(:pbkdf2) do
           def init(config) do
             config = Keyword.merge(config, [
               algorithm: :sha256,
-              iterations: 10_000,
+              iterations: 600_000,
               secret: System.get_env("PBKDF2_SECRET")
             ])
 
@@ -135,7 +135,7 @@ if Code.ensure_loaded?(:pbkdf2) do
 
         @impl Cloak.Ecto.PBKDF2
         def init(config) do
-          defaults = [algorithm: :sha256, iterations: 10_000, size: 32]
+          defaults = [algorithm: :sha256, iterations: 600_000, size: 32]
 
           {:ok, defaults |> Keyword.merge(config)}
         end