ASVS Requirement 11.4.4

• Level: 2
• Chapter: V11 Cryptography
• Section: V11.4 Hashing and Hash-based Functions
• Source: 0x20-V11-Cryptography.md

Description

Verify that the application uses approved key derivation functions with key stretching parameters when deriving secret keys from passwords. The parameters in use must balance security and performance to prevent brute-force attacks from compromising the resulting cryptographic key.