/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-insecure-key-derivation
 * Detects PBKDF2 with insufficient iterations
 * CWE-916: Use of Password Hash With Insufficient Computational Effort
 *
 * OWASP 2023 recommends minimum 600,000 iterations for PBKDF2-SHA256
 * @see https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
 */
import type { TSESLint } from '@interlace/eslint-devkit';
type MessageIds = 'insufficientIterations' | 'useMinIterations' | 'useScrypt' | 'useArgon2';
export interface Options {
    /** Minimum PBKDF2 iterations. Default: 100000 */
    minIterations?: number;
}
type RuleOptions = [Options?];
export declare const noInsecureKeyDerivation: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export type { Options as NoInsecureKeyDerivationOptions };