Why the default number of iteration is 10000?

[qw4990]

These four lines:

32: hmacKey := pbkdf2.Key([]byte(password), hmacSalt, 10000, 32, sha1.New)

45: cipherKey := pbkdf2.Key([]byte(password), encSalt, 10000, 32, sha1.New)

91: encKey := pbkdf2.Key([]byte(password), encSalt, 10000, 32, sha1.New)

92: hmacKey := pbkdf2.Key([]byte(password), hmacSalt, 10000, 32, sha1.New)

spend too much time!

[rnapier]

This is by design. Conversion of weak passwords into strong keys is made slow in order to prevent brute forcing of passwords. This process is called "stretching" and is the only way to make password-based encryption secure.

If you have random keys already (two 256-bit totally random numbers), the RNCryptor data format supports faster key-based encryption, but I don't believe this has been implemented in the Go version.

On Apr 26, 2016, at 6:47 AM, Yuanjia Zhang [email protected] wrote:

These four lines:

32: hmacKey := pbkdf2.Key([]byte(password), hmacSalt, 10000, 32, sha1.New)

45: cipherKey := pbkdf2.Key([]byte(password), encSalt, 10000, 32, sha1.New)

91: encKey := pbkdf2.Key([]byte(password), encSalt, 10000, 32, sha1.New)

92: hmacKey := pbkdf2.Key([]byte(password), hmacSalt, 10000, 32, sha1.New)

spend too much time!

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub