id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35428	ScryptPasswordHasher parallelism parameter is lower than the recommended in OWASP	Natalia Bidart	Jae Hyuck Sa 	"Following this [https://forum.djangoproject.com/t/stop-increasing-default-pbkdf2-iteration-count/25539/7 forum thread on password hashers iterations/parameters], it was agreed that the current `parallelism` parameter for `ScryptPasswordHasher` should be increased to 5. Alternatively we could switch to `N=2^16 (64 MiB), r=8 (1024 bytes), p=2` or `N=2^15 (32 MiB), r=8 (1024 bytes), p=3`.

Source: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#scrypt"	Cleanup/optimization	closed	contrib.auth	dev	Normal	fixed	hashers iterations	Adam Johnson Florian Apolloner	Ready for checkin	1	0	0	0	0	0