We don't currently have a requirement for password salt length but only "parameter settings configured based on current guidance". Should we include a requirement about password salt size (entropy)?

Notes:

- PBKDF2 recommends at least 8 bytes;
- argon2 recommends at least 16 bytes for password hashing;
- bcrypt requires 16 bytes.
We currently have:

| # | Description | L1 | L2 | L3 | CWE |
| --- | --- | --- | --- | --- | --- |
| **6.6.2** | [MODIFIED, MOVED FROM 2.4.1, MERGED FROM 2.4.3, 2.4.4, COVERS 2.5.3] Verify that passwords are stored using an approved, computationally intensive, hashing algorithm with parameter settings configured based on current guidance. The settings should balance security and performance to make brute-force attacks more challenging. | | ✓ | ✓ | |

With the list of approved password hash functions:

| Hash Function | Reference | Required Parameter Sets | L1 | L2 | L3 |
| --- | --- | --- | --- | --- | --- |
| argon2 | RFC 9106 | Argon2ID: Memory Cost 19MB, Time Cost 2, Parallelism 1 | | | |

For lookup secrets, we have:

| # | Description | L1 | L2 | L3 | CWE |
| --- | --- | --- | --- | --- | --- |
| | [MODIFIED, SPLIT TO 2.6.4] Verify that, when being stored in the application's back-end, lookup secrets with less than 112 bits of entropy (19 random alphanumeric characters or 34 random digits) are hashed with an approved password storage hashing algorithm that incorporates a 32-bit random salt. A standard hash function can be used if the secret has 112 bits of entropy or more. | | ✓ | ✓ | 330 |
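The lookup-secret requirement quoted above decides the storage scheme by entropy: below 112 bits, an approved password hash with a 32-bit random salt; at or above it, a standard hash. The following added example (my own code, not ASVS text or a reference implementation) works that decision through for the two alphabets the requirement names, so you can see why 19 alphanumeric characters or 34 digits is the cut-off. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for the "approved password storage hashing algorithm" and uses a placeholder iteration count; the lookup secrets in the demo are constructed.

```python
import hashlib
import hmac
import math
import secrets

# Figures taken from the lookup-secret requirement quoted in the issue.
ENTROPY_THRESHOLD_BITS = 112
LOOKUP_SECRET_SALT_BYTES = 4          # "a 32-bit random salt"

# Assumption: PBKDF2-HMAC-SHA256 stands in for the approved password storage
# algorithm; the iteration count is a placeholder, not an ASVS-mandated value.
PBKDF2_ITERATIONS = 600_000

ALPHANUMERIC = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # 62 symbols
DIGITS = "0123456789"                                                            # 10 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret whose `length` symbols are drawn uniformly from `alphabet_size` values."""
    return length * math.log2(alphabet_size)


def needs_password_hash(alphabet_size: int, length: int) -> bool:
    """True when the secret is under the 112-bit threshold and must be password-hashed."""
    return entropy_bits(alphabet_size, length) < ENTROPY_THRESHOLD_BITS


def generate_lookup_secret(alphabet: str, length: int) -> str:
    """Generate a lookup secret with the CSPRNG in `secrets`, one symbol at a time."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def store_lookup_secret(secret: str, alphabet_size: int) -> dict:
    """Build the record to persist for one lookup secret, choosing the scheme by entropy."""
    if needs_password_hash(alphabet_size, len(secret)):
        salt = secrets.token_bytes(LOOKUP_SECRET_SALT_BYTES)
        digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)
        return {"scheme": "pbkdf2-sha256", "salt": salt, "digest": digest}
    # 112 bits or more: a standard (fast, unsalted) hash is acceptable per the requirement.
    return {"scheme": "sha256", "salt": b"", "digest": hashlib.sha256(secret.encode()).digest()}


def verify_lookup_secret(secret: str, record: dict) -> bool:
    """Recompute the stored digest with the stored scheme and compare in constant time."""
    if record["scheme"] == "pbkdf2-sha256":
        digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), record["salt"], PBKDF2_ITERATIONS)
    elif record["scheme"] == "sha256":
        digest = hashlib.sha256(secret.encode()).digest()
    else:
        return False
    return hmac.compare_digest(digest, record["digest"])


if __name__ == "__main__":
    # The four cases around the cut-off: 19/18 alphanumeric symbols, 34/33 digits.
    for alphabet, length in ((ALPHANUMERIC, 19), (ALPHANUMERIC, 18), (DIGITS, 34), (DIGITS, 33)):
        bits = entropy_bits(len(alphabet), length)
        scheme = "password hash + 32-bit salt" if needs_password_hash(len(alphabet), length) else "standard hash"
        print(f"{length} symbols from {len(alphabet)}: {bits:.1f} bits -> {scheme}")
    rec = store_lookup_secret("4821", 10)   # constructed short numeric code
    print(rec["scheme"], verify_lookup_secret("4821", rec), verify_lookup_secret("0000", rec))
```

Note that the entropy figure only holds if the secret really is generated uniformly at random; a lookup secret chosen by a user, or derived from a timestamp, does not get to skip the password hash no matter how long it is.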
I suggest no, just use the right password storage algorithm and implementation and salting is already handled.
The only thing developers typically need to worry about is to make sure the salt for each password is unique. Not random, unique.
I would totally support a requirement ensuring uniqueness, most libraries just make the salt random which is not necessarily unique, so devs should check if a given salt is in use for another password.
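To make the two comments above concrete, here is an added example (my own code, not from ASVS or from any password-hashing library) that does what they describe: it generates salts from a CSPRNG at the sizes listed in the issue's notes, but also keeps a registry of salts already in use so that a repeated draw is rejected and retried rather than silently reused, and it refuses to continue if the RNG keeps producing a salt that is already taken. The salt sizes are the ones quoted in the issue (bcrypt's treated as exact, the others as minimums); PBKDF2-HMAC-SHA256 with a placeholder iteration count stands in for the approved algorithm, and the usernames and passwords in the demo are constructed.

```python
import hashlib
import secrets
from typing import Callable, Dict, Optional, Set

# Salt sizes quoted in the issue's notes, used here as the rule each algorithm must satisfy.
# bcrypt's salt is exactly 16 bytes; the other two are lower bounds.
SALT_RULES = {
    "pbkdf2": {"bytes": 8, "exact": False},
    "argon2": {"bytes": 16, "exact": False},
    "bcrypt": {"bytes": 16, "exact": True},
}

# Assumption: PBKDF2-HMAC-SHA256 stands in for the approved algorithm; the
# iteration count is a placeholder, not a value taken from the issue.
PBKDF2_ITERATIONS = 600_000


def salt_length_ok(algorithm: str, salt: bytes) -> bool:
    """Check a salt against the size rule for its algorithm."""
    rule = SALT_RULES[algorithm]
    return len(salt) == rule["bytes"] if rule["exact"] else len(salt) >= rule["bytes"]


class SaltRegistry:
    """Issues salts that are guaranteed not to repeat within this store.

    The RNG is injectable (default: the CSPRNG in `secrets`) so the collision
    path can be exercised deterministically instead of waiting for a 2^-64 event.
    """

    def __init__(self, rng: Callable[[int], bytes] = secrets.token_bytes, max_attempts: int = 8):
        self._in_use: Set[bytes] = set()
        self._rng = rng
        self._max_attempts = max_attempts
        self.draws = 0  # total RNG draws, including the ones rejected as duplicates

    def new_salt(self, algorithm: str) -> bytes:
        nbytes = SALT_RULES[algorithm]["bytes"]
        for _ in range(self._max_attempts):
            self.draws += 1
            candidate = self._rng(nbytes)
            if candidate not in self._in_use:      # unique, not merely random
                self._in_use.add(candidate)
                return candidate
        # A healthy CSPRNG never gets here; repeated duplicates mean the RNG is broken.
        raise RuntimeError("RNG keeps returning salts already in use; refusing to continue")


def try_new_salt(registry: SaltRegistry, algorithm: str) -> Optional[bytes]:
    """Return a fresh salt, or None when the registry gives up on the RNG."""
    try:
        return registry.new_salt(algorithm)
    except RuntimeError:
        return None


class PasswordStore:
    """Per-user password records; every record gets its own registry-issued salt."""

    def __init__(self, registry: SaltRegistry):
        self._registry = registry
        self._records: Dict[str, dict] = {}

    def set_password(self, username: str, password: str) -> None:
        salt = self._registry.new_salt("pbkdf2")
        if not salt_length_ok("pbkdf2", salt):
            raise ValueError("salt does not meet the size rule")
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._records[username] = {"salt": salt, "digest": digest}

    def salt_of(self, username: str) -> bytes:
        return self._records[username]["salt"]

    def digest_of(self, username: str) -> bytes:
        return self._records[username]["digest"]

    def all_salts_unique(self) -> bool:
        salts = [r["salt"] for r in self._records.values()]
        return len(salts) == len(set(salts))


if __name__ == "__main__":
    store = PasswordStore(SaltRegistry())
    # Two constructed users with the same password: unique salts give different digests.
    store.set_password("alice", "correct horse battery staple")
    store.set_password("bob", "correct horse battery staple")
    print("salts unique:", store.all_salts_unique())
    print("digests differ:", store.digest_of("alice") != store.digest_of("bob"))
```

The registry is the part most libraries leave out: they draw a random salt and trust the size to make collisions negligible, which is the point the second comment makes. The `draws` counter lets you see how often a duplicate was actually rejected, which with a working CSPRNG and 8- or 16-byte salts should be never.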