mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-07-30 22:23:30 +00:00
f8419003eb
The recommended minimums for scrypt, as per OWASP Cheat Sheet Series (https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html), are: Use scrypt with a minimum CPU/memory cost parameter of (2^16), a minimum block size of 8 (1024 bytes), and a parallelization parameter of 1. Previous default configuration: cpuCost=16384, memoryCost=8, parallelism=1 New default configuration: cpuCost=65536, memoryCost=8, parallelism=1 The default salt length was also updated from 64 to 16. Issue gh-10506