nextcloud / end_to_end_encryption_rfc

🔒 Specification for end-to-end encryption used by Nextcloud sync & mobile apps

Encryption: low iteration count in pbkdf #37

Open tobiasKaminsky opened 5 years ago

tobiasKaminsky commented 5 years ago

Currently we have 1024 iterations for PBKDF2WithHmacSHA1, which is a bit too low. Recommended is >=10.000.

We should check how long this takes on a low-end phone with:

@marinofaggiana @tobiasKaminsky

MaxFichtelmann commented 5 years ago

Agree.

I would recommend storing the iteration size alongside the salt in the encrypted private key JSON. That way, we are able to increment the iteration size in a client, detect low iterations etc.
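The approach suggested in this thread, sketched as an added example that is not code from the thread or from the Nextcloud specification: the iteration count is stored next to the salt, blobs without the field are read with the 1024 count the issue reports, and anything below the recommended minimum is flagged for re-wrapping. The field names `salt` and `iterations`, the 32-byte key length and the upper bound are assumptions.

```python
import base64
import hashlib
import os
import time

LEGACY_ITERATIONS = 1024      # count the issue reports as currently in use
MIN_ITERATIONS = 10_000       # lower bound recommended in the issue
MAX_ITERATIONS = 10_000_000   # assumption: cap so a tampered blob cannot stall a client
KEY_LEN = 32                  # assumption: 256-bit derived key


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1, the KDF named in the issue."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, KEY_LEN)


def new_kdf_params(iterations: int = MIN_ITERATIONS) -> dict:
    """KDF metadata to store beside the encrypted key (hypothetical field names)."""
    salt = os.urandom(16)
    return {"salt": base64.b64encode(salt).decode("ascii"), "iterations": iterations}


def read_kdf_params(envelope: dict) -> tuple:
    """Return (salt, iterations, needs_upgrade) for a stored envelope.

    Envelopes written before the field existed carry no count, so they are
    read with the legacy value and flagged for re-wrapping.
    """
    salt = base64.b64decode(envelope["salt"])
    iterations = envelope.get("iterations", LEGACY_ITERATIONS)
    if type(iterations) is not int or not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("invalid iteration count in envelope")
    return salt, iterations, iterations < MIN_ITERATIONS


def time_kdf(iterations: int) -> float:
    """Seconds one derivation takes on the device running this code."""
    start = time.perf_counter()
    derive_key("constructed-password", b"\x00" * 16, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample envelopes: one without the field, one freshly written.
    legacy = {"salt": base64.b64encode(b"constructed-salt").decode("ascii")}
    for name, env in (("legacy", legacy), ("current", new_kdf_params())):
        salt, count, upgrade = read_kdf_params(env)
        status = "re-wrap with higher count" if upgrade else "ok"
        print(f"{name}: {count} iterations, {time_kdf(count) * 1000:.1f} ms, {status}")
```

Running `time_kdf` with candidate counts on the slowest supported device gives the timing figure the issue asks for.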