themis: Bump PBKDF2 iterations to 314,110#976
Conversation
It's been almost 3 years since this value was revised. Current OWASP recommendations are at least 310,000 iterations for SHA-256, so let's maybe bump it up to 400,000 to be safe.
|
but it will break compatibility between themis versions |
no, it will not. iteration count serialized in ciphertext structure on encryption and deserialized on decryption. This constant specifies how much iterations should be used on every new encryption operations. All previously encrypted contains iteration count and will be decrypted. |
That's the plan 👍 It is not a breaking change, should be transparent to the users. Except for the expected x2 time to encrypt/decrypt. I'd like to do some benchmarks first before merging this (with whatever the new value would be). |
G1gg1L3s
left a comment
G1gg1L3s
left a comment
There was a problem hiding this comment.
Yeah, moar secuwity!
It would be cool to see some random looking number, for example, totally randomly generated from the first try without any enumeration:
echo -n "oh dear Random Oracle, we request the number of pbkdf2 rounds for Secure Cell that we should use in 2023" | sha256sum | head -c 6
487847
But nevermind :)
oh, y'all are the best!! 🧡 |
|
i am not a fan of 2x performance penalty, i suggest using |
|
As expected, most of the cost is in PBKDF and it's proportional to the iteration count. Sample with n = 1200,000 iterations: 400,000 iterations: 3,14159 iterations: Somewhat in the previous measurement of 120 ms for the same machine. New value bumps that to 330 ms. (OpenSSL 3.0 might have been involved in slight degradation.) @vixentael, how about 314159 iterations then? 😉 |
|
@ilammy i'm suspicious about the odd (not even) round counts while I appreciate the 🥧. |
Because it looks nice in hex dumps.
ilammy
changed the title
4 participants
It's been almost 3 years since this value was revised. Current OWASP recommendations are at least 310,000 iterations for SHA-256, so let's bump it up to be safe.
Checklist