Feature #3122

use scrypt instead of PBKDF2

Added by abeluck almost 4 years ago. Updated over 3 years ago.

Status:NewStart date:03/25/2014
Priority:LowDue date:
Assignee:-% Done:

0%

Category:-
Target version:future
Component:

Description

Using scrypt will provide more secure key stretching and brute force cracking resistance for our users.

Scrypt is more suited to our environment where the disparity between runtime execution performance (dinky mobile hardware) compared to the cracking hardware of the adversary (desktop computers, or super computers) is large.

We need to choose and include a scrypt library as well as determine optimal cost parameters (the equivalent of PBKDF's iteration count). Finally, a migration route will need to be coded.

History

#1 Updated by hans over 3 years ago

  • Priority changed from Normal to Low

#2 Updated by hans over 3 years ago

  • Target version deleted (0.2)

#3 Updated by hans over 3 years ago

  • Target version set to future

Also available in: Atom PDF