From b304996ff58280d4b9f8c58a6d4d2dc277221311 Mon Sep 17 00:00:00 2001 From: Davide Grilli Date: Tue, 7 Jul 2026 14:24:37 +0200 Subject: [PATCH] docs(security): correct PBKDF2 iteration count and salt size SECURITY.md still documented the pre-hardening parameters (100,000 iterations, 32-byte salt); the code has used 600,000 iterations and a 16-byte salt (EncryptedFile.DefaultIterations) since the encryption upgrade, with the count itself stored in the file container for forward compatibility. --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 770477e..07e0887 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -55,7 +55,7 @@ It cannot (given correct Merkle verification): ## Encryption at rest - Algorithm: AES-256-GCM -- Key derivation: PBKDF2-HMAC-SHA512, 100 000 iterations, 32-byte random salt +- Key derivation: PBKDF2-HMAC-SHA512, 600 000 iterations, 16-byte random salt (fresh salt and nonce on every save; the iteration count is stored in the file container, so future increases remain backward-compatible) - Authentication: GCM tag (16 bytes) — any tampering is detected before decryption - The user can explicitly opt out of encryption (UI shows a warning); the `WalletStore.Save` API accepts `null` password only when the caller has confirmed user intent