From 6b2e97c2438e85ddf2f166cf7c56f6c923ffcac4 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sat, 22 Jun 2013 17:38:33 +0200
Subject: Enhance security by rising the iterations used in PBKDF2 : 327670 instead of 1000 when booting in encrypted system partition, and 2000000 instead of 2000 when using encrypted containers and partitions
---
 src/Common/Volumes.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/Common/Volumes.c')
diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 01ebdf55..3b2c0ca7 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -299,7 +299,7 @@ KeyReady: ;
 switch (pkcs5_prf)
 {
 case RIPEMD160:
- derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 break;
@@ -595,8 +595,8 @@ int ReadVolumeHeader (BOOL bBoot, char *header, Password *password, PCRYPTO_INFO
 cryptoInfo = *retInfo = crypto_open ();
 // PKCS5 PRF
- derive_key_ripemd160 (password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
- PKCS5_SALT_SIZE, bBoot ? 1000 : 2000, dk, sizeof (dk));
+ derive_key_ripemd160 (TRUE, password->Text, (int) password->Length, header + HEADER_SALT_OFFSET,
+ PKCS5_SALT_SIZE, 32767, dk, sizeof (dk));
 // Mode of operation
 cryptoInfo->mode = FIRST_MODE_OF_OPERATION_ID;
@@ -771,7 +771,7 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass
 break;
 case RIPEMD160:
- derive_key_ripemd160 (keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
+ derive_key_ripemd160 (TRUE, keyInfo.userKey, keyInfo.keyLength, keyInfo.salt,
 PKCS5_SALT_SIZE, keyInfo.noIterations, dk, GetMaxPkcs5OutSize());
 break;
-- 
cgit v1.2.3
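Review bot: The new first argument is passed as a bare `TRUE` in the RIPEMD160 case here, and again in the ReadVolumeHeader call and in the RIPEMD160 case of CreateVolumeHeaderInMemory, so nothing at the call sites says what the flag selects. Because it sits in front of the password and iteration arguments of a key-derivation call, a reader auditing the KDF strength cannot tell from this file whether it alters the effective iteration count. I would annotate each call with the parameter's name, e.g. `derive_key_ripemd160 (/* <parameter name from the prototype> */ TRUE, keyInfo.userKey, ...`. Only the RIPEMD160 case is visible; whether the other PRF cases in these switches are meant to stay without a matching flag is outside the hunks.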
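Review bot: The iteration count passed in this ReadVolumeHeader call is `32767`, but the commit description states 327670 for booting an encrypted system partition, so one of the two is off by a factor of ten unless derive_key_ripemd160 scales the value when its new first argument is TRUE, which this file does not show. Replacing `bBoot ? 1000 : 2000` with a single literal also means this path no longer derives a key with the previous counts, so a header written with 1000 or 2000 iterations would presumably fail to decrypt here; confirm that is intended or that a fallback exists outside the hunk. I would replace the magic number with a named constant whose comment states the effective count, along the lines of `PKCS5_SALT_SIZE, BOOT_PKCS5_ITERATIONS /* proposed name */, dk, sizeof (dk));`, and correct whichever of the description or the literal is wrong. The function body continues outside the hunk, so any remaining use of `bBoot` cannot be checked from here.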