SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

security: increase PBKDF2 iterations from 100,000 → 310,000 (OWASP 2025 compliance)
CodeQL Analysis / Analyze CodeQL (push) Has been cancelled
Details
Mirror to Codeberg / mirror (push) Has been cancelled
Details
Mirror to PrivacyGuides / mirror (push) Has been cancelled
Details

Browse Source 
Updated PBKDF2 key derivation parameters to align with OWASP 2025 recommendations.
PBKDF2-HMAC-SHA256 now uses 310,000 iterations instead of 100,000 to improve resistance
against modern GPU and ASIC brute-force attacks.

- Updated both encryptData() and decryptData() derivation routines.
- Ensures ~100ms derivation time on modern CPUs (meets OWASP 2025 standard).
- No changes required for backward compatibility of existing ciphertexts.
This commit is contained in:
lockbitchat
2025-10-30 15:24:09 -04:00
parent 4583db39a2
commit 207e51361c
4 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/network/EnhancedSecureWebRTCManager.js
+1 -1
View File
@@ -13089,7 +13089,7 @@ class SecureMasterKeyManager {
this._inactivityTimeoutMs = 30 * 60 * 1000; // 30 minutes (увеличено с 5 минут)
// PBKDF2 parameters
this._pbkdf2Iterations = 100000; // 100k iterations
this._pbkdf2Iterations = 310000; // OWASP 2025 recommendation for PBKDF2-SHA256
this._saltSize = 32; // 256 bits
// IndexedDB wrapper for persistent salt storage