Low number of iterations by default

[inkeliz]

The PBKDF2 is faster than Argon2id or BCrypt. It will be even faster with low quantities of iterations. By default it uses:

var iterations = 5000;

https://github.com/AugustoResende/RaiLightWallet/blob/master/src/js/rai-wallet/Wallet.js#L167

The LastPass uses 100,000 iterations using SHA-256. The Covecube uses 200,000 iterations using SHA-512.

The iterations should be the maximum supported by the computer, giving maximum tolerable execution time.

The NIST already recommends uses 10,000 iterations:

For PBKDF2, the cost factor is an iteration count: the more times the PBKDF2 function is iterated, the longer it takes to compute the password hash. Therefore, the iteration count SHOULD be as large as verification server performance will allow, typically at least 10,000 iterations.

https://pages.nist.gov/800-63-3/sp800-63b.html#sec5

---

Also, it seems better change the SHA-1 to SHA-2 (SHA-512):

var key = pbkdf2.pbkdf2Sync(passPhrase, salt, iterations, 32, 'sha1'); 

https://github.com/AugustoResende/RaiLightWallet/blob/master/src/js/rai-wallet/Wallet.js#L1143

Because SHA-1 is way faster than SHA-2. The SHA-3 (Keccak) is slow in software, but faster in hardware than SHA-2. So, stick with SHA-2 can be more secure against FPGA.

I think replace the PBKDF2 to Argon2id, the winner of PHC, can be better, but will need more changes in code.

[augustresende]

@jaimehgb

[augustresende]

@Inkeliz open your issue in this repo:

https://github.com/chriscohoat/rai-wallet

Soon RaiLightWallet will not use rai-wallet anymore.