package kdf

const (
	BcryptPbkdfName string = "bcrypt"
	// BcryptPbkdfDefaultRounds is the default per OpenSSH, not per the bcrypt_pbkdf spec itself. It is recommended to use e.g. 100 rounds.
	BcryptPbkdfDefaultRounds uint32 = 16
	// BcryptPbkdfDefaultSaltLen is the default per OpenSSH, not per the bcrypt_pbkdf spec itself.
	BcryptPbkdfDefaultSaltLen int = 16
	// BcryptPbkdfDefaultKeyLen is suitable for AES256-CTR but may not be for others. TODO: revisit this and find something more flexible.
	BcryptPbkdfDefaultKeyLen uint32 = 48
)