leonlatsch / Photok

Encrypted Photo Safe for Android
Apache License 2.0

Consider hardening key derivation #99

Closed VioletFalcon closed 3 years ago

VioletFalcon commented 3 years ago

Decryption seems surprisingly fast. Maybe implementing an optional benchmark (or just detecting the amount of RAM and the processor) to configure bcrypt to be more resistant would be a good idea; mid-range and high-end phones will benefit from this. Or use Argon2d / Argon2id, if it's possible (KeePassDX uses it).

leonlatsch commented 3 years ago

Bcrypt is not used for encryption. Bcrypt is only used for hashing your password, to check it. AES-256 is used for encryption and decryption.

leonlatsch commented 3 years ago

@VioletFalcon So configuring bcrypt won't change anything, because it's not used for encryption.

Encryption might be slower, because it does more things than just encrypting some bytes. The thumbnail is created and encrypted, exif data gets normalized, etc.

I definitely need to look into this, because it got kind of slow over time, but I will close this for now, since it has nothing to do with the encryption.
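
The benchmark-based tuning suggested in the issue, sketched as an added example (not Photok's code and not from either commenter): the work factor for the password hash is calibrated per device against a time budget, with a fixed floor so slow devices never drop below it. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt here, with a bcrypt-style log2 cost; `MIN_COST`, `MAX_COST`, the time budget and the `cost$salt$hash` record format are assumptions.

```python
import hashlib
import hmac
import os
import time

MIN_COST = 12  # assumed floor: 2**12 iterations, even on the slowest device
MAX_COST = 24  # assumed ceiling: bounds the benchmark and rejects absurd records


def derive(password: bytes, salt: bytes, cost: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with 2**cost iterations (stand-in for bcrypt's log2 cost)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1 << cost)


def time_one(cost: int) -> float:
    """Seconds one derivation takes at this cost on the current device."""
    start = time.perf_counter()
    derive(b"benchmark-password", b"\x00" * 16, cost)
    return time.perf_counter() - start


def calibrate(target_s: float, measure=time_one) -> int:
    """Largest cost in [MIN_COST, MAX_COST] whose derivation fits in target_s."""
    cost = MIN_COST
    while cost < MAX_COST and measure(cost + 1) <= target_s:
        cost += 1
    return cost


def make_record(password: bytes, cost: int) -> str:
    """Store cost and salt beside the hash so verification reuses the same parameters."""
    salt = os.urandom(16)
    return f"{cost}${salt.hex()}${derive(password, salt, cost).hex()}"


def verify(password: bytes, record: str) -> bool:
    cost_s, salt_hex, hash_hex = record.split("$")
    cost = int(cost_s)
    if not MIN_COST <= cost <= MAX_COST:
        return False  # refuse weakened or unreasonably expensive parameters
    candidate = derive(password, bytes.fromhex(salt_hex), cost)
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    chosen = calibrate(0.25)  # assumed budget: about 250 ms per password check
    record = make_record(b"correct horse", chosen)
    print(chosen, verify(b"correct horse", record))
```

Because the cost travels with the stored hash, a record created on one device still verifies on another, and the cost can be raised later by re-hashing after a successful check.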