Insufficient pbkdf2 work factor sha512

Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
  - Biometrics-and-auth
  - Commoncrypto
    - Hardcoded-iv
    - Hardcoded-pbkdf2-passphrase
    - Hardcoded-realm
    - Hardcoded-salt
    - Hardcoded-symmetric-key
    - Insecure-crypto-aes-keysize
    - Insecure-crypto-algorithm-blowfish
    - Insecure-crypto-algorithm-des
    - Insecure-crypto-algorithm-rc4
    - Insecure-crypto-cbc-mode
    - Insecure-crypto-ecb-mode
    - Insecure-crypto-keystorage
    - Insecure-crypto-rsa-keysize
    - Insecure-hashing-algorithm-md2
    - Insecure-hashing-algorithm-md4
    - Insecure-hashing-algorithm-md5
    - Insecure-hashing-algorithm-sha1
    - Insufficient-pbkdf2-work-factor-sha1
    - Insufficient-pbkdf2-work-factor-sha256
    - Insufficient-pbkdf2-work-factor-sha512
      - Insufficient pbkdf2 work factor sha512
    - Realmstate-encryption-missing
  - Cryptoswift
  - Insecure-communication
  - Lang
  - Pathtraversal
  - Sql
  - Sqllite
  - Webview
  - Webview
- Terraform
- Typescript
- Yaml

insufficient-pbkdf2-work-factor-sha512

PBKDF2 usage was identified with an insufficient work factor, i.e. an iteration count (rounds) lower than modern guidelines prescribe. Per OWASP guidance, 210K iterations should be used with SHA512
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP:
- A02:2021 - Cryptographic Failures

Insufficient pbkdf2 work factor sha256 Swift hardcoded realm without encryption

Start Here

Setup

Pull Request Review

Scan center

Integrations

IDE

Rule Reference

Resources

Insufficient pbkdf2 work factor sha512