The current PBKDF2 iteration count is below the OWASP recommendation of 600,000 (the Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256). We should increase it and encode the iteration count at the front of the encrypted private key, so the count can be raised again later without another format change.
Current format (92 bytes): [salt(32)][iv(12)][AES-GCM encrypted key(48)]
New format (96 bytes): [iterations(4, big-endian uint32)][salt(32)][iv(12)][AES-GCM encrypted key(48)]
We can detect the legacy format by length (92 bytes vs. 96), and a 4-byte field is plenty to hold any iteration increase over time.
The OWASP 2023 recommendation was 600,000, but going to 750,000 seems reasonable to me since that recommendation is a few years old.