CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
        • Biometrics-and-auth
        • Commoncrypto
          • Hardcoded-iv
          • Hardcoded-pbkdf2-passphrase
          • Hardcoded-realm
          • Hardcoded-salt
          • Hardcoded-symmetric-key
          • Insecure-crypto-aes-keysize
          • Insecure-crypto-algorithm-blowfish
          • Insecure-crypto-algorithm-des
          • Insecure-crypto-algorithm-rc4
          • Insecure-crypto-cbc-mode
          • Insecure-crypto-ecb-mode
          • Insecure-crypto-keystorage
          • Insecure-crypto-rsa-keysize
          • Insecure-hashing-algorithm-md2
          • Insecure-hashing-algorithm-md4
          • Insecure-hashing-algorithm-md5
          • Insecure-hashing-algorithm-sha1
          • Insufficient-pbkdf2-work-factor-sha1
          • Insufficient-pbkdf2-work-factor-sha256
          • Insufficient-pbkdf2-work-factor-sha512
            • Insufficient pbkdf2 work factor sha512
          • Realmstate-encryption-missing
        • Cryptoswift
        • Insecure-communication
        • Lang
        • Pathtraversal
        • Sql
        • Sqllite
        • Webview
        • Webview
      • Terraform
      • Typescript
      • Yaml
    Insufficient-pbkdf2-work-factor-sha512

    Insufficient pbkdf2 work factor sha512

    insufficient-pbkdf2-work-factor-sha512

    PBKDF2 usage was identified with an insufficient work factor, i.e. an iteration count (rounds) lower than modern guidelines prescribe. Per OWASP guidance, 210K iterations should be used with SHA512
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-916: Use of Password Hash With Insufficient Computational Effort
    OWASP:
    - A02:2021 - Cryptographic Failures
    Insufficient pbkdf2 work factor sha256Swift hardcoded realm without encryption
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.