From 46654da594a8cca006bcaf93f94d443a04130efd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Taavi=20Eom=C3=A4e?= <taavi.eomae+github@gmail.com>
Date: Tue, 12 Mar 2024 14:53:52 +0200
Subject: [PATCH] fix(password-hash): Update PBKDF2 iteration count to more
 closely align with OWASP recommendations (#648)

---
 lib/consts.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/consts.js b/lib/consts.js
index 7eda33a5..12806460 100644
--- a/lib/consts.js
+++ b/lib/consts.js
@@ -43,7 +43,7 @@ module.exports = {
     DEFAULT_HASH_ALGO: 'pbkdf2', //either 'pbkdf2' or 'bcrypt'
 
     BCRYPT_ROUNDS: 11, // bcrypt.js benchmark async in a VPS: 261.192ms, do not want to take it too long
-    PDKDF2_ITERATIONS: 25000,
+    PDKDF2_ITERATIONS: 100000,
     PDKDF2_SALT_SIZE: 16,
     PDKDF2_DIGEST: 'sha256', // 'sha512', 'sha256' or 'sha1'