Closed magi-web closed 2 years ago
The fast indices are sufficient for security. The slow ones were provided so nobody reinvented their own PBKDF2-based blind index alternative and made a critical vulnerability i.e. between HMAC and PBKDF2. It was included with the Libsodium-based backend for feature-parity.
Thank you very much !
Thank you very much for this awesome work !
I'm currently building a symfony/doctrine bridge package to provide your library as a user friendly feature. My concern is about the Blind Index generation which can take time when we want to build a large list of indexes. I ran a benchmark to compare both slow and fast methods :
Here is the output on my laptop :
I'd like to know if we can safely use Fast method or if we should prefer the slow one as a good practice.