h4waii

Increase PBKDF Iterations...

10 posts in this topic

Please add the option for user-selectable rounds. 24000 is WAY too low, and people should be able to increase it, regardless of the time-cost to access the data. This should be a user-defined field in all applications, even if it's hidden behind an "advanced" tab.


Hi @h4waii,

The decision of 24000 iterations was taken a few years back to ensure compatibility between all possible supported devices without any significant effect on performance. Now every device has more computing power and we certainly need to upgrade the number of iterations. We are planning a major UI/database/sync engine redesign of Enpass next year; that will be the perfect time to implement this.

4 people like this


+1 for this. Provide a sensible default and allow people to pick. If they want to wait a little longer for the app to open in exchange for more security, let them.

1 person likes this


@Vinod Kumar AFAIK sqlcipher doesn't allow changing the number of iterations. How are you planning to achieve that? By changing the enc/dec engine?

Edited by lucas

18 hours ago, lucas said:

@Vinod Kumar AFAIK sqlcipher doesn't allow changing the number of iterations. How are you planning to achieve that? By changing the enc/dec engine?

SQLCipher has the API 'PRAGMA kdf_iter' to configure the number of iterations as needed.


And are you using SHA1 as hash func? Any plan to change it?


Hi @lucas,

I think you are pointing towards the recent SHA-1 collision attack. PBKDF2 in SQLCipher uses HMAC-SHA1 and it is still secure. Both are not quite the same thing.
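
An added example, not part of the thread and not Enpass or SQLCipher code: PBKDF2 written out over HMAC-SHA1 so that the password's role as the HMAC key and the per-iteration cost are visible, plus a helper that picks an iteration count for a target unlock delay with 24000 as the floor. The names `pbkdf2_hmac_sha1` and `calibrate_iterations`, the 32-byte key length and the sample password and salt are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

DEFAULT_ITERATIONS = 24000  # the count discussed in this thread


def pbkdf2_hmac_sha1(password, salt, iterations, dklen=20):
    """PBKDF2 over HMAC-SHA1, written out so the iteration loop is visible."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    keyed = hmac.new(password, digestmod=hashlib.sha1)  # password is the HMAC key
    out, block = b"", 1
    while len(out) < dklen:
        h = keyed.copy()
        h.update(salt + block.to_bytes(4, "big"))  # U_1 = HMAC(pw, salt || INT(block))
        u = h.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            h = keyed.copy()
            h.update(u)  # U_i = HMAC(pw, U_{i-1}); one more HMAC per guess
            u = h.digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen]


def calibrate_iterations(target_seconds, floor=DEFAULT_ITERATIONS, probe=20000):
    """Iteration count costing about target_seconds here, never below floor."""
    start = time.perf_counter()
    # Constructed probe inputs; the 32-byte output is an assumed key length.
    hashlib.pbkdf2_hmac("sha1", b"constructed-password", b"constructed-salt", probe, 32)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(floor, int(probe * target_seconds / elapsed))


if __name__ == "__main__":
    ref = hashlib.pbkdf2_hmac("sha1", b"constructed-password", b"constructed-salt", 1000, 32)
    assert pbkdf2_hmac_sha1(b"constructed-password", b"constructed-salt", 1000, 32) == ref
    for target in (0.1, 0.5, 1.0):
        print(f"{target:.1f}s unlock delay -> {calibrate_iterations(target)} iterations")
```

The calibrated count depends on the machine that runs the probe, so a value chosen on a desktop can be slow to unlock on the weakest device that opens the same database.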
