browser-passworder icon indicating copy to clipboard operation
browser-passworder copied to clipboard
verified publisher icon MetaMask

Export key derivation options

Open Gudahtt opened this issue 3 years ago • 3 comments

Key derivation options are now exported from the functions keyFromPassword and encryptWithDetail. This can allow the project using this package to store the key derivation options alongside the vault, allowing for easier migrations to newer derivation options in the future.

Closes #1

Gudahtt avatar Nov 04 '22 05:11 Gudahtt

I don't think this is valuable until we support some alternative options. Putting this on the backburner until we decide on how to improve our key generation.

Gudahtt avatar Nov 07 '22 16:11 Gudahtt

One easy way to improve generation would be to simply add more hash cycles. Current vaults could be made harder to crack.

danfinlay avatar Nov 14 '22 16:11 danfinlay

Yeah, maybe for now we can add support just for that. And we can set a minimum of the current number of cycles that we use.

I would like to preserve a minimum level of safety with the options we allow. That's the only reason I'm hesitating to allow further configuration; I don't know how to ensure a minimum level of safety across all of these controls.

Gudahtt avatar Nov 14 '22 16:11 Gudahtt