From b108687895a4c00219750bc9ef23ca0146e417d3 Mon Sep 17 00:00:00 2001
From: Mike Mulchrone <mikemulchrone987@gmail.com>
Date: Sun, 22 Mar 2026 21:50:16 -0400
Subject: [PATCH] after adding OWASP iteration recommendations for SHA512 and
 implementing unit tests, I believe it would be nice to have a benchmark that
 supplements it.

---
 pbkdf2/benches/lib.rs | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/pbkdf2/benches/lib.rs b/pbkdf2/benches/lib.rs
index 3045029b..b9cbdfab 100644
--- a/pbkdf2/benches/lib.rs
+++ b/pbkdf2/benches/lib.rs
@@ -18,6 +18,19 @@ pub fn pbkdf2_hmac_sha256_16384_20(bh: &mut Bencher) {
     });
 }
 
+/// Benchmark PBKDF2-HMAC-SHA256 with 600,000 rounds. This is the recommended configuration for PBKDF2-HMAC-SHA256 according to the OWASP cheat sheet:
+/// <https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2>
+#[bench]
+pub fn pbkdf2_hmac_sha256_600000_20(bh: &mut Bencher) {
+    let password = b"my secure password";
+    let salt = b"salty salt";
+    let mut buf = [0u8; 20];
+    bh.iter(|| {
+        pbkdf2::<Hmac<sha2::Sha256>>(password, salt, 600_000, &mut buf).unwrap();
+        test::black_box(&buf);
+    });
+}
+
 #[bench]
 pub fn pbkdf2_hmac_sha512_16384_20(bh: &mut Bencher) {
     let password = b"my secure password";
@@ -28,3 +41,16 @@ pub fn pbkdf2_hmac_sha512_16384_20(bh: &mut Bencher) {
         test::black_box(&buf);
     });
 }
+
+/// Benchmark PBKDF2-HMAC-SHA512 with 210,000 rounds. This is the recommended configuration for PBKDF2-HMAC-SHA512 according to the OWASP cheat sheet:
+/// <https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2>
+#[bench]
+pub fn pbkdf2_hmac_sha512_210000_20(bh: &mut Bencher) {
+    let password = b"my secure password";
+    let salt = b"salty salt";
+    let mut buf = [0u8; 20];
+    bh.iter(|| {
+        pbkdf2::<Hmac<sha2::Sha512>>(password, salt, 210_000, &mut buf).unwrap();
+        test::black_box(&buf);
+    });
+}