Open ghost opened 3 years ago
I put it at 500,000, which seems reasonable for an old device (Galaxy S I9000). I leave the feature open for the automatic generation of the KDF according to a defined time.
The default value of the Argon2 memory parameter in both KeePass and KeePassXC is now 64MB due to the KeePass 2.47 update. It might be a good idea for KeePassDX to follow the change.
https://github.com/Kunzisoft/KeePassDX/issues/1662#issuecomment-1926871990 Can we use OWASP's general recommendation parameters as default setting for KeePassDX? It seems reasonable to me.
Is your feature request related to a problem? Please describe.
The current default setting is AES-KDF with 6,000 transformation rounds. It is obviously too low without need. For your information, KeePassXC warns about AES-KDF with fewer than 100,000 transformation rounds.
Describe the solution you'd like
KDF: Argon2 (Because all maintained KeePass clients I know have already supported Argon2)
Transformation rounds: 1-sec benchmark
Memory usage: 32/64MiB (Compatibility with iOS platform)
Parallelism: the number of CPU cores
Describe alternatives you've considered
Just increase the number of transformation rounds. For example, the Keepass2Android default setting is 500,000, and the previous default value for KeePassXC (now Argon2 and 1sec benchmark) is 1,000,000.
Additional context
I don't know if the above setting works well on all supported devices (especially Cortex-A7?), or if they are appropriate for security.
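The "1-sec benchmark" idea requested in the issue, as an added example that is not part of the thread or of KeePassDX's code: it times a probe run, scales the round count to a target unlock time, and refuses to drop below a floor so that a slow device does not calibrate itself into a weak setting. Assumptions: PBKDF2-HMAC-SHA256 stands in for the real KDF, all function and class names are hypothetical, and the 100,000 floor is borrowed from the KeePassXC warning threshold quoted in the issue.

```python
import hashlib
import time

# Floor taken from the issue text: KeePassXC warns about AES-KDF below 100,000 rounds.
MIN_ROUNDS = 100_000
MAX_PROBE = 1 << 24  # stop doubling the probe here even if the clock barely moves


def stand_in_kdf(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Assumption: PBKDF2-HMAC-SHA256 stands in for AES-KDF (stdlib has no AES)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds)


def calibrate_rounds(kdf, target_seconds=1.0, floor=MIN_ROUNDS, clock=time.perf_counter):
    """Return (rounds, expected_seconds) for this device.

    Doubles a probe run until it is long enough to time reliably, scales the
    result to target_seconds, then refuses to go below `floor`.
    """
    probe = 10_000
    while True:
        start = clock()
        kdf(b"constructed-benchmark-password", bytes(32), probe)
        elapsed = max(clock() - start, 1e-9)  # guard against a coarse clock
        if elapsed >= target_seconds / 20 or probe >= MAX_PROBE:
            break
        probe *= 2
    per_round = elapsed / probe
    rounds = max(floor, round(target_seconds / per_round))
    return rounds, rounds * per_round


class SimulatedDevice:
    """Constructed test double: a device with a fixed cost per round."""

    def __init__(self, seconds_per_round: float):
        self.now = 0.0
        self.seconds_per_round = seconds_per_round

    def clock(self) -> float:
        return self.now

    def kdf(self, password: bytes, salt: bytes, rounds: int) -> None:
        self.now += rounds * self.seconds_per_round


if __name__ == "__main__":
    print("this machine:", calibrate_rounds(stand_in_kdf, target_seconds=0.2))
    slow = SimulatedDevice(seconds_per_round=2e-5)  # 50,000 rounds per second
    print("slow device:", calibrate_rounds(slow.kdf, clock=slow.clock))
```

On the simulated slow device the floor wins over the benchmark, so the unlock takes about two seconds instead of one.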