I strongly encourage you to use a far higher number of iterations when deriving encryption keys. At even 13,000 iterations (the equivalent of spending 100ms in PBKDF2 on a Core i7), 8-letter passwords are trivially crackable. At only 1,000 iterations, the user's password will need to be very long to provide the same level of security, and many people may not realize this when choosing their password.
You can use the CommonCrypto framework to estimate the number of iterations needed to engage the user's machine for a period of (for example) 5 seconds:
And of course if claims about scrypt are to be believed, then you might consider switching your key derivation function entirely.
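The calibration step described above, as an added example that is not part of the original comment: it asks CommonCrypto's `CCCalibratePBKDF` for the round count that costs about 5 seconds on the current machine, then derives the key with `CCKeyDerivationPBKDF`. The helper name `DeriveKey`, the HMAC-SHA256 PRF, the 16-byte salt, the 32-byte key and the 100,000-round floor are assumptions chosen for illustration.

```objective-c
// Added example: calibrate PBKDF2 rounds with CommonCrypto, then derive a key.
// Build on macOS: clang -framework Foundation calibrate.m -o calibrate
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptoError.h>
#import <CommonCrypto/CommonKeyDerivation.h>
#import <CommonCrypto/CommonRandom.h>

static const uint32_t kTargetMsec = 5000;   // 5 seconds, the figure used in the text
static const uint32_t kMinRounds  = 100000; // assumed floor if calibration returns less
enum { kSaltLen = 16, kKeyLen = 32 };       // assumed sizes: 128-bit salt, 256-bit key

// Hypothetical helper. Fills salt and key; returns the rounds used, or 0 on failure.
// The caller must store both the salt and the round count next to the ciphertext,
// because the calibrated count differs from machine to machine.
static uint32_t DeriveKey(NSString *password,
                          uint8_t salt[kSaltLen], uint8_t key[kKeyLen]) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    if (pw.length == 0) return 0;

    // Fresh random salt for every derivation.
    if (CCRandomGenerateBytes(salt, kSaltLen) != kCCSuccess) return 0;

    // Ask how many rounds take roughly kTargetMsec on this hardware.
    uint32_t rounds = CCCalibratePBKDF(kCCPBKDF2, pw.length, kSaltLen,
                                       kCCPRFHmacAlgSHA256, kKeyLen, kTargetMsec);
    if (rounds < kMinRounds) rounds = kMinRounds;

    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length,
                                  salt, kSaltLen, kCCPRFHmacAlgSHA256,
                                  rounds, key, kKeyLen);
    return rc == kCCSuccess ? rounds : 0;
}

int main(void) {
    @autoreleasepool {
        uint8_t salt[kSaltLen], key[kKeyLen];
        // Constructed sample passphrase, for demonstration only.
        uint32_t rounds = DeriveKey(@"constructed sample passphrase", salt, key);
        if (rounds == 0) {
            NSLog(@"key derivation failed");
            return 1;
        }
        NSLog(@"derived a %d-byte key using %u PBKDF2 rounds", kKeyLen, rounds);
        memset(key, 0, sizeof key); // best-effort wipe; the compiler may elide it
    }
    return 0;
}
```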