Constant tindercrypt::metadata::PBKDF2_DEFAULT_ITERATIONS
pub const PBKDF2_DEFAULT_ITERATIONS: usize = 100000;
The default number of iterations for the PBKDF2 key derivation algorithm.
We use a constant number of 100,000 iterations. As of 2019, this number seems to be commonly suggested, and is used in various projects, such as the Borg backup project (issue) and 1Password (blog). While not ideal from a strict security standpoint, raising it higher would make it less tolerable on low-end devices, and wouldn’t offer better security than a more modern KDF, such as scrypt or argon2.
To understand the performance gap between different devices, here’s a quick run of cryptsetup benchmark for the PBKDF2-sha256 algorithm on a mid-end and a low-end device:
- Mid 2010 i7 CPU: ~1,800,000 iterations per second for 256-bit key
- Raspberry Pi 3 Model B: ~270,000 iterations per second for 256-bit key
With 100,000 iterations, a mid-end device would require roughly 55ms to create a key, while a low-end device would require roughly 370ms.
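As an added illustration (not code from the tindercrypt crate), here is PBKDF2-HMAC-SHA256 written out per RFC 8018 next to the latency estimate for the two device rates quoted above; it shows that the iteration count is the cost knob because every extra iteration is one more HMAC call. The password and salt values are constructed, and the rate measurement uses the C implementation in Python's hashlib.

```python
"""PBKDF2-HMAC-SHA256 per RFC 8018, plus the cost estimate for the page's device rates.
Example code added for illustration; not part of the tindercrypt crate."""
import hashlib
import hmac
import struct
import time

DEFAULT_ITERATIONS = 100_000  # the value PBKDF2_DEFAULT_ITERATIONS uses


def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """Reference PBKDF2 (RFC 8018 section 5.2) with HMAC-SHA256 as the PRF."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    hlen = hashlib.sha256().digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen) output blocks
    out = bytearray()
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)) with INT(i) a 4-byte big-endian counter;
        # T_i = U_1 xor U_2 xor ... xor U_c, so cost grows linearly with c.
        u = hmac.new(password, salt + struct.pack(">I", i), hashlib.sha256).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dklen])


def cross_check(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bool:
    """True when the reference loop agrees with the stdlib implementation."""
    expected = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)
    return pbkdf2_hmac_sha256(password, salt, iterations, dklen) == expected


def estimated_ms(iterations: int, iterations_per_second: float) -> float:
    """Wall-clock cost of one derivation on a device with the given PBKDF2-SHA256 rate."""
    return iterations / iterations_per_second * 1000.0


def measure_iterations_per_second(iterations: int = DEFAULT_ITERATIONS) -> float:
    """Measure this machine's rate with hashlib's C implementation (constructed inputs)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed password", b"constructed salt", iterations, 32)
    return iterations / (time.perf_counter() - start)


if __name__ == "__main__":
    # Rates quoted on the page (cryptsetup benchmark, PBKDF2-sha256, 256-bit key).
    for device, rate in (("Mid 2010 i7", 1_800_000), ("Raspberry Pi 3 Model B", 270_000)):
        print(f"{device}: ~{estimated_ms(DEFAULT_ITERATIONS, rate):.0f} ms per derivation")
    print(f"this machine: ~{measure_iterations_per_second():,.0f} iterations/s")
```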