To be fair, PBKDF2(HMAC-SHA1, pw, salt, 1000, 256) is absolutely much better than the previous SHA1(pw, salt). Completely insufficient and quite silly, but still better than we had. PBKDF2(HMAC-SHA-3-256, pw, salt, 100000, 256) would of course be better, but Microsoft seems dead against PBKDF2 for anything other than SHA1.
Atom, I would be extremely interested in the addition of PBKDF2 (PKCS #5, RFC2898) hash iteration types, though as # of rounds can vary (and should vary - see https://www.owasp.org/index.php/Password...heat_Sheet), I'd strongly suggest making the # of rounds a parameter, preferably on a password by password basis, i.e.
rounds    salt:password
1000      ssss:ppppppppppppppp
5000      ssss:ppppppppppppppp
64000     ssss:ppppppppppppppp
1000      ssss:ppppppppppppppp
More flexible still, and very useful would be to also support the output length in bits as a parameter.
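An added example, not part of the original post and not hashcat's input format: PBKDF2 verification in which the number of rounds and the output length in bits are stored with each record, so a system can raise the rounds over time without breaking older entries. The `rounds:bits:salt_hex:hash_hex` layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical record layout (an assumption for this example):
#   rounds:bits:salt_hex:hash_hex
# Both the iteration count and the output length travel with each record.


def make_record(password, rounds, bits=256, salt=None, prf="sha1"):
    """Derive a PBKDF2 hash and serialise it with its own parameters."""
    if rounds < 1 or bits < 8 or bits % 8:
        raise ValueError("rounds must be >= 1, bits a positive multiple of 8")
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(prf, password, salt, rounds, dklen=bits // 8)
    return f"{rounds}:{bits}:{salt.hex()}:{dk.hex()}"


def parse_record(record):
    """Split a record and check that the stated length matches the hash."""
    rounds_s, bits_s, salt_hex, hash_hex = record.strip().split(":")
    rounds, bits = int(rounds_s), int(bits_s)
    salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    if rounds < 1 or bits != len(expected) * 8:
        raise ValueError("malformed record")
    return rounds, bits, salt, expected


def verify(password, record, prf="sha1"):
    """Recompute with the record's own rounds and length, compare in constant time."""
    rounds, bits, salt, expected = parse_record(record)
    dk = hashlib.pbkdf2_hmac(prf, password, salt, rounds, dklen=bits // 8)
    return hmac.compare_digest(dk, expected)


def needs_upgrade(record, min_rounds):
    """True when a record was created with fewer rounds than current policy."""
    return parse_record(record)[0] < min_rounds


if __name__ == "__main__":
    # Constructed sample data using the round counts from the post.
    for rounds in (1000, 5000, 64000):
        rec = make_record(b"correct horse", rounds)
        print(rec, verify(b"correct horse", rec), needs_upgrade(rec, 5000))
```

Calling `needs_upgrade` after a successful `verify` at login is the point at which a record can be re-derived with a higher round count, since that is the only time the plaintext password is available.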