I have a few questions about what are appropriate PBKDF2 settings. I googled for answers and came up mostly empty-handed.
Basically, I would like to know what are appropriate values for the input pbkdf2.php (found here) considering the state of technology in 2012. What will give me a reasonable expectation that the passwords I encode will not be hackable by non governmental entities for the next few years?
Here is what I am considering:
define("PBKDF2_HASH_ALGORITHM", "sha512");
define("PBKDF2_ITERATIONS", 20000);
define("PBKDF2_SALT_BYTES", 512);
define("PBKDF2_HASH_BYTES", 512);
I understand that there are many other things that come into play to create good security. Here is a synopsis of other security measures I am using:
Am I missing anything?
Just as an example, the default settings for sha512crypt in most modern Linux distros ($6$ in /etc/shadow entries) use 5000 iterations and 16 bytes of salt. That is plenty slow. But I'm not going to criticize you for overkill when it comes to hashing ;)
There's no one right answer to this question because different applications call for different levels of security. The right thing to do is to benchmark your application, and use as high a setting as your server(s) can comfortably deal with in a responsive manner. (Under load tests, of course)
You're already much more secure than the average system just by implementing PBKDF2 in the first place rather than a "fast", "message digest"-like algorithm, such as MD5 or SHA-1.
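As an added example (not from the question or either answer, and not the pbkdf2.php script's own code), a Python script using hashlib.pbkdf2_hmac that does the benchmarking the answer above recommends, and that also shows why the question's PBKDF2_HASH_BYTES of 512 is a cost only the defender pays: PBKDF2 repeats its entire iteration loop once per hash-sized block of output, and the first block is the same whatever length is requested. The password, salt and 100 ms budget are constructed values.

```python
import hashlib
import math
import os
import time

ALGO = "sha512"
HASH_BYTES = hashlib.new(ALGO).digest_size  # 64 bytes for SHA-512


def derive(password: bytes, salt: bytes, iterations: int, dklen: int = HASH_BYTES) -> bytes:
    """PBKDF2-HMAC with the algorithm under discussion (same construction as pbkdf2.php)."""
    return hashlib.pbkdf2_hmac(ALGO, password, salt, iterations, dklen)


def blocks_needed(dklen: int) -> int:
    """PBKDF2 runs the full iteration loop once per hash-sized output block,
    so a 512-byte key from SHA-512 costs the defender 8x a 64-byte key."""
    return math.ceil(dklen / HASH_BYTES)


def _timed(fn) -> float:
    t0 = time.perf_counter()
    fn()
    return time.perf_counter() - t0


def time_derivation(iterations: int, dklen: int = HASH_BYTES, rounds: int = 3) -> float:
    """Median wall-clock seconds for one derivation of a constructed password and salt."""
    password, salt = b"correct horse battery staple", os.urandom(16)
    samples = sorted(
        _timed(lambda: derive(password, salt, iterations, dklen)) for _ in range(rounds)
    )
    return samples[len(samples) // 2]


def calibrate_iterations(target_seconds: float = 0.1, start: int = 1000) -> int:
    """Largest iteration count that keeps one verification under target_seconds on this host.
    Doubles until the budget is exceeded, then scales back (cost is linear in iterations)."""
    iterations = start
    while time_derivation(iterations) < target_seconds:
        iterations *= 2
    measured = time_derivation(iterations)
    return max(start, int(iterations * target_seconds / measured))


if __name__ == "__main__":
    print("blocks for a 512-byte output:", blocks_needed(512))  # 8
    print("512-byte vs 64-byte output time ratio:",
          round(time_derivation(20000, 512) / time_derivation(20000, 64), 1))
    pw, salt = b"pw", os.urandom(16)
    # The extra bytes add only defender cost: the first block is identical either way.
    print("first block identical:", derive(pw, salt, 1000, 512)[:64] == derive(pw, salt, 1000, 64))
    print("iterations for a 100 ms budget on this host:", calibrate_iterations(0.1))
```

Run the calibration under realistic load, as the answer says, and keep PBKDF2_HASH_BYTES at the hash output size (64 for SHA-512) so the iteration count, not the output length, is what buys the cost.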