Jump to content
h4waii

Increase PBKDF Iterations...

Recommended Posts

h4waii    0

Please add the option for user selectable rounds. 24000 is WAY too low, and people should be able to increase it, regardless of the time-cost to access the data. This should be a user defined field in all applications, even if it's hidden behind an "advanced" tab.

Share this post


Link to post
Share on other sites
Vinod Kumar    35

Hi @h4waii,

The decision of 24000 iterations was taken few year back to ensure compatibility between all possible supported devices without any significant effect on performance . Now every device has more computing power and we certainly need to upgrade number of iterations. We are planning a major UI/database/sync engine redesign of Enpass next year, that will be perfect time to implement this.

  • Like 4

Share this post


Link to post
Share on other sites
Travis    1

+1 for this. Provide a sensible default and allow people to pick. If they want to wait a little longer for the app to open in exchange for more security, let them.

  • Like 1

Share this post


Link to post
Share on other sites
lucas    0

@Vinod Kumar AFAIK sqlcipher doesn't allow to change the number of iterations. How are you planning to achieve that? By changing the enc/dec engine?

Edited by lucas

Share this post


Link to post
Share on other sites
Vinod Kumar    35
18 hours ago, lucas said:

@Vinod Kumar AFAIK sqlcipher doesn't allow to change the number of iterations. How are you planning to achieve that? By changing the enc/dec engine?

Sqlcipher has api 'PRAGMA kdf_iter' to configure number of iterations for needed.

Share this post


Link to post
Share on other sites
Vinod Kumar    35

Hi @lucas,

I think you are pointing towards the recent SHA-1 collision attack. PBKDF2 in SQLCipher use HMAC-SHA1 and it is still secure. Both are not quite the same thing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×